Abstract
Access control in complex information systems is complicated by large numbers of roles and by frequent, dynamic changes in users' responsibility attributes. To address this, and with full consideration of how users are organized and how authorization relationships are structured, this paper uses the user's organization and user-group information as the subjects of role assignment and adds a scope restriction on resource access operation permissions in the information system. On this basis it improves the RBAC model and designs the data relationships that implement the improved model. Practical results show that the improved model makes it easy to modify the authorizations of the affected users when the responsibilities of an organization or user group change, responds quickly to authorization changes caused by changes in personnel responsibility attributes, and flexibly controls resource access operation permissions.
Source
《计算机科学》 (Computer Science)
CSCD
Peking University Core Journal (北大核心)
2014, Issue S1, pp. 429-432 (4 pages)
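Funding
Supported by the National Natural Science Foundation of China project "Dual-Model-Driven Modeling and Analysis for Dynamic Software Evolution in Cloud Computing Environments" (61379032)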
Keywords
RBAC (role-based access control)
Access control
Authority management
Resource management
User group