摘要
提出了一种具备较高通用性的权限系统的设计方案与实现方法,可以应用于企业级信息系统、社区系统与门户系统。相对于传统的以角色作为用户权限标识的方法,添加了组别、全局角色与组内角色、权限客体类型等元素,使得用户与资源能够更合理地进行管理与组织,并允许以不同权限判断逻辑进行权限判断。陈述了新方案的形式化定义和具体应用实例,以及实现方案与技术。最终提出一种适用于本权限方案的缓存策略,实验与实际应用结果表明其可以大幅度提高权限判断系统的效率。
Design and realization resolution plan of a kind of extremely universal access system is put forward, which can be applied to the enterprise information applications, community system and portal system. Compared with the traditional role-based permission control method, group, global role, group role, access object types and other elements is added to this scheme, users and resources can be more reasonable in management and organization and different logic for permissions judgment is allowed to used in it. Then, the formal definition of this method, as well as a specific of application, implementation scheme and technologies is described. Finally a kind of cache strategy for this application is put forward, and the efficiency improvement of the permissions system is proved by the ex- periment and practical application.
出处
《计算机工程与设计》
CSCD
北大核心
2011年第11期3582-3585,3663,共5页
Computer Engineering and Design
基金
国家社会科学基金项目(10BT0004)
中国科学院新增能力基金项目
关键词
信息系统
门户系统
角色
组别
权限控制
information system
portal system
role
group
permission control