摘要
系统内部软件员工多为企业内部员工及部分指定用户,因此必须有一套明确的用户管理及权限分配机制,以杜绝非法用户的访问,并防止系统正常用户发生越权操作。以医疗应用软件为例,阐述了RBAC模型的实现,模型根据用户职位确定用户角色,以角色划分用户权限,并最终应用于实际的医疗系统中。医疗系统中加入基于RBAC权限管理后,保障了数据的安全性及有效性,在实际应用中已经被证明是相当有效的。
Most users of Medical System are staffs in the Medical Corporation. There must be a definite privilege management in the Medical System to avoid the illegal user's accessing, and prevent the authorized users from across-role operations. This paper introduces the implementation of RBAC Model in the medical System. Roles are determined by positions which determine the privileges. After the RBAC model is successfully added to the Medical System, the safety of database and the Medical System is ensured, and it's proved that the application of RBAC model is successful and effective.