A method and system for managing security information for a domain of
computer systems is provided. The security system displays security
information for a selected security object, such as a user or a computer
system. The security system initially retrieves security information that
includes security specifications that each has the identification of an
entity, a resource, and an access right for the selected security object.
The security system then displays an identification of the entity and the
resource along with the access right for each security specification.
When the security information is stored in a security store (i.e., the
main security store) by resource and, for each resource, the entities
that have access rights to that resource, the security system may use an
auxiliary security store to facilitate the retrieval of the security
information.