Toward group-based user-attribute policies in azure-like access control systems