A Logic Framework for Reasoning on Data Access Control Policies