摘要
分析并比较了当前权限系统设计过程中主要的权限控制模型,指出了各自的特点和应用局限性。针对当前Web应用系统中存在的用户变化较多而角色相对变化较少的情况,提出并实现了一种扩展了的基于角色的访问控制方法,能够根据登录用户权限的不同生成不同的用户界面,并给出了该方法在项目开发中的实际应用。项目开发的实践结果表明,该方法可有效地用于Web应用系统的权限控制管理中。
Major access control models used in the process of current access control systems are analyzed and compared, and their individual characters and limitations in applications are pointed out. In view of the situation existing in web application systems that users change more frequently than roles, an extended role-based access control method is provided and implemented, which is able to provide different logged users with different user interfaces, according to their access-fights. At last, an application of this method in the development of a project is presented. Practice in developing a project indicates that this method is effectively used for access control management in web systems.
出处
《计算机工程与设计》
CSCD
北大核心
2008年第10期2550-2553,共4页
Computer Engineering and Design
关键词
角色
用户
界面
权限
基于角色的访问控制
role
user
interface
access-fight
role basedaccesscontrol (RBAC)
