摘要
用集合论的方法分析了模型选取的4个决定因素:需要授权的用户数量,功能权限集的基数,角色的权限变化情况,用户的角色变化情况。对RBAC和FBAC的适用情况进行了划分。论证了在复杂的大型系统中,综合采用多种访问控制模型,对权限进行分割合并,区分出公共权限和专门权限,并引入多级授权机制,才能够克服单一模型的不足。
This paper analyzes the 4 factors that determine which model should be chosen with the method of set: the quantity of users,the radix of function set,the change of role’s permissions,the change of user’s roles.It partitions the different conditions that are suitable for RBAC(role-based access control) model or FBAC(function-based access control) model.This paper demonstrates that it is necessary and feasible to adopt different models in complex large system.In this kind of system,it can deal with two methods: cut apart and combine the permissions;use the mechanism of multistage assignment.
出处
《计算机工程》
CAS
CSCD
北大核心
2007年第19期147-149,共3页
Computer Engineering
基金
国家"863"计划基金资助项目(2001AA135170)
关键词
存取控制
RBAC
FBAC
access control(AC)
role-based access control(RBAC)
function-based access control(FBAC)
