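Abstract
This paper introduces a role-based access control model, analyzes the role hierarchy model and the private-permission problem in RBAC96, and points out the shortcomings of Sandhu's solution. It proposes an improved role hierarchy model to improve RBAC96 and puts forward some new concepts, such as public permissions, private permissions and scope of inheritance. In the new role hierarchy model, a senior role inherits public permissions from its junior roles but does not inherit private permissions. The new role hierarchy model describes the same role hierarchy relationships more simply and comprehensibly than RBAC96, and is suited to applications with more numerous and more complex role hierarchy relationships, such as operating systems, DBMSs and distributed applications.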
In this paper, we introduce the role-based access control model, analyse the role hierarchy model and the problem of private permissions in RBAC96, and point out the disadvantage of Sandhu's solution. An improved role hierarchy model is introduced against the drawback of RBAC96; some new concepts such as public permission, private permission and scope of inheritance are presented in the model. In the role hierarchy model, the senior role inherits public permissions from the junior role but not private permissions. Thus a new role hierarchy model is formulated. It is simpler and more comprehensible to describe the same role relationships in the improved model than in RBAC96. It will be flexible and suitable in large-scale role hierarchies, such as operating systems, DBMS, distributed applications, etc.
Source
Journal of Jiangxi Normal University (Natural Science Edition)
CAS
2004, Issue 1, pp. 11-14 (4 pages)
Funding
Supported by the Natural Science Foundation of Jiangxi Province (0311036).