摘要
对"基于角色的访问控制"方法进行扩展,提出"基于规则和角色的访问控制"方法。在此基础上,研制出一个.Net框架下信息管理系统的访问控制解决方案。该方案通过为客体(页面或其它类对象)绑定若干访问控制列表(Access Control List,ACL),再利用可视化编辑器来设置ACL,以实现对系统功能的动态配置,最终完成对用户访问权限的灵活管理。
The Rule & Role Based Access Control method(RRBAC) is given by optimizing and expanding the role based access control one.An access control solution based on.Net framework is presented using the RRBAC model.The access control list bound to the objects such as page and other class objects is set by the visual editor is designed in advance.The privilege management achieved by the dynamic configuration of the system modules is proved to be flexible and effective.
出处
《成都信息工程学院学报》
2009年第1期53-57,共5页
Journal of Chengdu University of Information Technology
基金
院选科研基金资助项目(CRF200815)