摘要
提出了一种新的以基于角色的权限管理方法为主的信息系统权限管理方法(DERBAC),解决了现有权限管理方法存在适用情况限制的问题,使之比基于角色管理的模型具有更高的灵活性,弥补了基于角色管理的模型在系统规模较小时显得比较繁琐的不足,也克服了自主访问控制方法给系统规模扩大造成的不便。当信息系统规模发生变化时,能很好地提供有效的应用级权限管理。同时,还详细讨论了如何利用关系数据库来实现的方法。
A method of privilege management in information systemDiscretionary Enhanced RoleBase Access Control (DERBAC) is presented and the applicable restriction problem of existing methods in dealing with Privilege management is solved. DERBAC is based on rolebased access control. Compared to traditional RBAC, DERBAC is more flexible and efficient. It atones for the drawback that the traditional one is not fit for small system. It also conquers the inconvenience of upgrading the system with DAC. This method is efficient in any system whether it's large or small. On the condition of system size changing, provides efficient application-level privilege management. How to implement DERBAC with RDBMS is also introduced.
出处
《重庆大学学报(自然科学版)》
EI
CAS
CSCD
北大核心
2003年第11期91-94,共4页
Journal of Chongqing University
