摘要
基于RBAC的访问控制模型能有效弥补DAC和MAC的不足,而多数信息系统要求用户权限必须灵活控制、统一管理、可维护。据此提出改进的RBAC控制模型,即将全部数据资源以业务功能模块表示,并授予各预设的角色,用户临时需要的权限则直接授予或撤销。该改进方法已经在实际项目中得到了应用。
Role-Based Access Control (RBAC) model can make up the insufficiencies of DAC (discretional access control) and MAC ( mandatory access control), whereas most information systems seek the user's privilege must be flexible control, uniform manage and maintainable. A new betterment model for RBAC is presented based on the analysis of the speciality access control in information system. All data resource are expressed by operation function modules, and privileges are awarded to roles which are setup beforehand, user's temporary privilege can be granted or revoked. The improved model has been applied in a project.
出处
《计算机应用与软件》
CSCD
北大核心
2008年第12期284-285,共2页
Computer Applications and Software
基金
军事后勤科研计划课题(需040126)
关键词
信息系统
访问控制
角色
权限
Information system Access control Role Privilege
