Method and apparatus for assigning policies [210], which are rules [210] that govern the use of or access to network [120] services. Each rule [210] defines conditions that, when evaluated true, trigger actions to allow or deny the service. Techniques are disclosed which provide for explicit, flexible, and centralized assignment of policy [210] to targets [110], which are specified network services. These techniques include explicitly associating a policy [210] with a network resource or process, grouping policy [210] related processes, grouping related targets [110], associating groups of targets [300] with groups of policies [400], mapping a user name contained in a policy [210] to an associated network address such as an Internet Protocol (IP) address, and providing dynamically mapped policy identified user and host names with associated network addresses, such as IP addresses, to client processes.