Policies, in general are defined at a higher level in terms of business objects, their attributes, and operations. On the other hand managed resources, on which the policies are finally going to execute, have their own access control lists to limit the operations that an application user can perform. As a result, many policies which are syntactically and semantically correct, may fail to execute at run time due to ACL violations.

This paper describes an approach wherein the information on access control provided at the managed resources level is leveraged to check for policy executability and provide meaningful feedback in case there are problems. This is done at policy specification time as opposed to runtime, which is not desirable, as is typically done by current systems. Furthermore, this avoids redundant access control specifications which can lead to inconsistencies in addition to being a burden on the user. A pragmatic approach for checking policy executability from an access control viewpoint and providing several types of feedback are the focus of this paper.