摘要
在信息系统的开发与应用中,经典基于角色的访问控制(RBAC)模型存在一定的不足。该文在实现基于角色的访问控制模型的同时,改进了原经典模型的不足,并将这种模型应用到对于资源的管理当中。在实现完整的访问控制过程中,该文分析和实现在两个维度下,功能权限维度与资源权限维度的权限管理和访问控制策略。经过这一分析与设计,将访问控制从系统业务逻辑当中分离,包括功能访问控制与资源访问控制的分离,进而增加了系统的灵活性和扩展性。
A Policy of the Access Control in the In developing and application of information systems, there are some disadvantages in classic access control based--on role of the real application system. This paper shows a application based on the RBAC model and improves the classic model. Then we use this model in the management of resources. In realizing the whole access control, this paper analyzes and realizes the permission management and access control policy in two dimensions, functional permission dimension and resource permission dimension. Via this analyzing and designing, we separated the whole access control from the business p^ocess of systems, including the separation of functional permission and the separation of resource permission. It helps to improve the flexibility and expansibility of systems.
出处
《计算机安全》
2008年第9期41-44,共4页
Network & Computer Security
