Cloud access rule translation for hybrid cloud computing environments
US-2019052643-A1 · Feb 14, 2019 · US
US11968210B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11968210-B2 |
| Application number | US-202117324209-A |
| Country | US |
| Kind code | B2 |
| Filing date | May 19, 2021 |
| Priority date | May 19, 2021 |
| Publication date | Apr 23, 2024 |
| Grant date | Apr 23, 2024 |
Official abstract text for this publication.
A computer-implemented method to control access to data on an off-premises storage system. The method includes defining an access policy for a plurality of files in a file system stored in an on-premises storage system. The method further includes registering the access policy with a first off-premises storage system. The method also includes creating a resource-based cloud access policy based on an on-premise access policy. The method includes determining a set of files from the plurality of files to migrate to the off-premises storage. The method also includes obtaining, for the set of files, an access policy as access metadata. The method further includes migrating the set of files and the access metadata to the off-premises storage.
Opening claim text (preview).
What is claimed is:
1. A computer-implemented method comprising: defining an access policy for a plurality of files in a file system stored in an on-premises storage system, wherein the access policy is associated with an application; registering the application with an off-premises storage system, wherein the registering ensures the first off-premises storage system can manage the access policy and the application can access the off-premise storage; creating, in response to the registering, a resource-based cloud access policy based on an on-premise access policy; determining a set of files from the plurality of files to migrate to the off-premises storage; obtaining, for the set of files, the resource-based cloud access policy as access metadata; and migrating, in response to the obtaining and the registering, the set of files and the access metadata to the off-premises storage with the resource-based cloud access policy, wherein the resource-based cloud access policy is configured to control access, based on the access metadata, to the set of files on the off-premises storage.
2. The method of claim 1, wherein the resource-based access policy is further configured to manage an access request for the set of files at the off-premises storage system.
3. The method of claim 2, wherein the controlling includes denying access to the first file based on account data from the access request not matching the access metadata for the first file.
4. The method of claim 2, wherein the controlling includes allowing access to the first file based on account data of the access request matching the access metadata for the first file.
5. The method of claim 1, wherein the access metadata includes, for each file of the set of files, a file identifier, an account, a group identifier, and an access level.
6. The method of claim 1, wherein the access policy is based on an access control list (ACL).
7. The method of claim 6, wherein the access policy is based on information lifecycle management (ILM) policy created resource access cloud policy.
8. The method of claim 1, further comprising: registering the access policy with a second off-premises storage system; and migrating a second set of files from the plurality of files and a second set of access metadata for the second set of files to the second off-premises storage system.
9. The method of claim 8, wherein the on-premises storage system, first off-premises storage system, and the second off-premises storage system are included in a hybrid multi cloud system.
10. The method of claim 1, wherein an owner of the plurality of files does not have domain level access control on the off-premises storage.
11. The method of claim 10, wherein the resource-based cloud access policy prevents an operator of the off-premises storage with the domain level access control from accessing the set of files.
12. The method of claim 1, wherein the set of files are stored as objects on the off-premises storage system.
13. A system comprising: a processor; and a computer-readable storage medium communicatively coupled to the processor and storing program instructions which, when executed by the processor, are configured to cause the processor to: define an access policy for a plurality of files in a file system stored in an on-premises storage system, wherein the access policy is associated with an application; register the application with an off-premises storage system, wherein the registering ensures the first off-premises storage system can manage the access policy and the application can access the off-premise storage; create, in response to the registering, a resource-based cloud access policy based on an on-premise access policy; determine a set of files from the plurality of files to migrate to the off-premises storage; obtain, for the set of files, the resource-based cloud access policy as access metadata; and migrate, in response to the obtaining and the registration, the set of files and the access metadata to the off-premises storage with the resource-based cloud access policy, wherein the resource-based cloud access policy is configured to control access, based on the access metadata, to the set of files on the off-premises storage.
14. The system of claim 13, wherein the resource-based access policy is further configured to manage an access request for the set of files at the off-premises storage system.
15. The system of claim 14, wherein the controlling includes allowing access to the first file based on account data of the access request matching the access metadata for the first file.
16. The system of claim 13, wherein the access metadata includes, for each file of the set of files, a file identifier, an account, a group identifier, and an access level.
17. A computer program product, the computer program product comprising a computer readable storage medium having program instructions embodied therewith, the program instructions executable by a processing unit to cause the processing unit to: define an access policy for a plurality of files in a file system stored in an on-premises storage system, wherein the access policy is associated with an application; register the application with an off-premises storage system, wherein the registering ensures the first off-premises storage system can manage the access policy and the application can access the off-premise storage; create, in response to the registering, a resource-based cloud access policy based on an on-premise access policy; determine a set of files from the plurality of files to migrate to the off-premises storage; obtain, for the set of files, the resource-based cloud access policy as access metadata; and migrate, in response to the obtaining and the registration, the set of files and the access metadata to the off-premises storage with the resource-based cloud access policy, wherein the resource-based cloud access policy is configured to control access, based on the access metadata, to the set of files on the off-premises storage.
18. The computer program product of claim 17, wherein the resource-based access policy is further configured to manage an access request for the set of files at the off-premises storage system.
19. The computer program product of claim 18, wherein the controlling includes denying access to the first file based on account data from the access request not matching the access metadata for the first file.
20. The computer program product of claim 17, wherein the access metadata includes, for each file of the set of files, a file identifier, an account, a group identifier, and an access level.
Access control lists [ACL] · CPC title
Details of migration of file systems (migration mechanisms in storage systems G06F3/0647) · CPC title
File search processing · CPC title
implemented using Network-attached Storage [NAS] architecture (distributed or networked storage systems G06F3/067; protocols for distributed storage of data in a network H04L67/1097) · CPC title
Grouping of entities · CPC title