摘要
基于角色的访问控制是目前应用在系统控制用户访问中比较主流的一门技术。在此针对医疗系统的特点,在基于角色的访问控制模型的基础上,分析医疗系统中的访问主体和客体,引入角色,将权限和角色相关联,重点研究不同用户对记录的访问控制,提出一个访问控制算法,通过分配用户适当的角色,然后授予用户适当的访问权限,使用户和访问权限逻辑分离,从而提高了在医疗系统中权限分配和访问控制的灵活性与安全性。
Role-based access control (RBAC) is a mainstream technology applied to the system control user access. Accord- ing to the characteristics of the medical system, an access control algorithm is put forward in this paper. On the basis of RBAC model, the access subject and object in the medical system is analyzed, the role is introduced into the system, the permissions is associated with role, and the control for different users' access to records is investigated emphatically, by assigning a role to the appropriate user, then confering an appropriate access privilege on the user, and making the user and access logic separated, the flexibility and security of the permission assignment and access control in the medical system are improved.
出处
《现代电子技术》
2013年第24期25-28,共4页
Modern Electronics Technique
