Abstract
To improve the adaptability and security of privilege assignment in information systems, an extended RBAC privilege management model is proposed. By adopting a new SQL-like data constraint method, it effectively combines function privileges and data privileges in privilege assignment, achieving generality and flexibility in privilege assignment; through the separation of three administrative roles, it resolves the SQL injection risk and the problem of excessive system administrator privileges. Practice shows that the model has strong generality, flexibility and convenience, and high security.
To improve the versatility and security of rights management in information systems, an extended Role Based Access Control (RBAC) rights management model is proposed in this paper. The distribution of data access rights is implemented through a method similar to SQL grammar, which combines function rights distribution and data access rights distribution efficiently. The model can be used in common circumstances and is flexible. Based on the separation of three management roles, it solves the problem that the system administrator's privileges are too high and avoids SQL injection. Practice proves that this model has versatility, flexibility, and high security.
Source
《计算机应用》
CSCD
Peking University core journal list
2011, Issue A02, pp. 112-115 (4 pages)
Journal of Computer Applications
Keywords
information system
Role Based Access Control (RBAC)
privilege management
data constraint