Abstract
Building on a study of the RBAC access control model, this paper designs a configurable privilege management system and applies it to a large-scale enterprise information system. The design discusses in detail the resource objects subject to security control, the partitioning of privileges, and the definition of roles, and it extends the basic RBAC model with the concepts of organizational structure, business processes, and application categories. Drawing on the advantages of the J2EE platform and the existing work of the Acegi framework in privilege control, the system separates programming staff from business staff, and it gives different people in the system different access privileges through operations on resource identifiers.
Source
《信息通信技术》 (Information and Communications Technologies)
2008, Issue 6, pp. 31-36 (6 pages)