An access management apparatus, method and program storage device for permitting or prohibiting access to each of a plurality of nodes stored hierarchically, including means and steps for storing rule functions with a plurality of requesters to access a node, each of the rule functions for determining whether access should be permitted or rejected depending on the position of the node in the hierarchical structure or depending on the requester, receiving an access request from a requester, selecting the rule function, and executing the rule function which has been selected by the selector, and controlling permission of, or prohibition of, the access request on the basis of a result of executing the rule function.