Algorithm 5.

Generate rule-sets for each subject

1:	procedure GENERATE_SORO(i, Ov, RO, OR, OS)
2:	ST ← OS[i]	▹ obtain all the object-operation pairs entitled to ith subject
3:	$S{T}^{\prime }\leftarrow []$
4:	for each (oa, opb ) in ST do	▹ iterating over all object-operation pairs in ST
5:	$S{T}^{\prime }\leftarrow S{T}^{\prime }\cup \left\{o_a\right\}$
6:	RS ← [ ]	▹ RS will finally contain the sets of rules for the ith subject
7:	for each (oc, opd) in ST do	▹ iterate over all object-operation pairs in ST
8:	T ← RO[c]	▹ obtain all the rules corresponding to an object in an object-operation pair
9:	for each re in T do	▹ iterate over all rules obtained
10:	if re [op] $\ne$Opd then	▹ check whether the operations in the object-operation pair and the rule match
11:	RO [c]← RO [c]-{re}	▹ discard the rule
12:	insert (RS, RO [c])
13	$R{S}^{\prime }\leftarrow RS$
14:	for j ← 1 to $\left|R{S}^{\prime }\right|$do	▹ iterating over all rule sets
15:	for each rf in $R{S}^{\prime }[j]$do	▹ iterating over rules in each rule set
16:	UT ← OR[f]	▹ obtain the objects corresponding to each rule
17:	if $UT-S{T}^{\prime }\ne$ Null then	▹ checking for unauthorized accesses
18:	RS [j] ← RS [j] - {rf}	▹ pruning a rule allowing unauthorized access
19:	if RS [j] = Null then
20:	exit
21:	return RS