Abstract
This paper analyzes and compares the main privilege-assignment methods used in current permission-system design: Discretionary Access Control (DAC), Mandatory Access Control (MAC) and Role-Based Access Control (RBAC), and points out their respective characteristics and the limits of their applicability. In view of the new characteristics of modern enterprise management, the authors discuss multi-user access control technology in management information systems and, building on existing access control models, propose and implement a new three-level security control model for applications, based on the role level, the department level and the user level. Practice shows that this method improves the security and maintainability of the information system.
Source
Technological Development of Enterprise (《企业技术开发》)
2006, Issue 4, pp. 3-5, 11 (4 pages in total)
Keywords
Web
role-based access control (RBAC)
security
access control
authorization mechanism