摘要
基于角色的访问控制是目前应用得较为广泛的一种访问控制技术,在基于角色的访问控制策略中,最关键的技术就是角色的定义和用户的授权;对于角色的定义,在实际应用中,一般根据企业中已有的工作职能来进行;对于用户的授权,以ARBAC97模型为基础,提出了基于资源的RBAC模型——RRBAC,将企业机构资源和系统菜单资源分层次赋给角色,以简化角色的授权管理;经分析,该模型有利于角色的划分,实现了更细粒度的访问控制,优化了基于角色的访问控制。
Role-based access control is a kind of access control technology that widely used today. The key technologies in RBAC policy are defining roles and assigning permissions to users. In our application, defining roles often relies on the job functions in company. For assigning permissions to users, analyzed the ARBAC97 model, and then proposed a new access control model -RRBAC, which is based on resource. RRBAC authorizes all of the system and organization resources hierarchically to users, in order to simplify the permission-role assignment. As analyzing, the new model is beneficial to design roles, implement thinner control capabilities of access, and optimize the RBAC.
出处
《计算机测量与控制》
CSCD
2008年第2期231-232,238,共3页
Computer Measurement &Control
基金
国家自然科学基金资助项目(60173041)