摘要
为解决基于角色的访问控制模型不适用大量用户的信息系统,不能为用户的业务数据进行过滤,安全性不高等问题.提出基于用户组和二维角色管理的安全访问控制模型,将角色权限直接赋予用户组,提高了授权效率,二维角色分为数据和功能两种角色,其中数据角色用来进行用户的选择和数据的过滤,而功能角色用来限定用户进行系统相关操作的权限.通过在内江师范学院科研信息化平台中的初步应用表明,该模型具有"最少数据"、"最小权限"特性,安全稳定,可扩展性好,较强的通用性.
In order to solve the problems of the role-based access control model being not applicable to the information system with a large user population,the business data of users being unable to be filtered,and the security being not high,a security access control model,based on user groups and two-dimensional role management,has been set up,which gives the role authorization directly to user group and thus it helps to improve the efficiency of authorization.Two-dimensional role is divided into two:data and function,of which,the former is used for user selection and data filtering,and the latter is used to restrict users’ permissions from performing system operation.The preliminary application of the model in the scientific research information platform of our university shows that it has the characteristics of"minimum data"and"minimum authority",with security and stability,good expansibility and strong universality.
作者
苟全登
GOU Quandeng(College of Computer Science,Neijiang Normal University,Neijiang,Sichuan 641100,China;Kharkiv State University of Economics,Kharkiv 61166,Ukraine)
出处
《内江师范学院学报》
2020年第2期43-46,共4页
Journal of Neijiang Normal University
基金
教育部高等教育司产学合作协同育人项目(201701028034)
校级科研重大项目(2019XZ01)
关键词
用户组
二维角色
安全模型
功能角色
数据角色
user group
two-dimensional role
security model
functional role
data role
