摘要
基于角色的访问控制是一种高效安全的访问控制机制,但是 RBAC2001建议标准中没有提出根据单位特征、功能特征和数据特征来细化控制角色指派的详细方法。本文结合 RBAC 模型思想和大型企业信息系统的实际需求,对核心 RBAC 模型进行细粒度的扩充,在单位、功能、数据等维度对模型进行了细化,并给出了实例应用,有效地解决了大型企业信息系统的安全访问控制难以细化的问题。
Role-Based Access Control(RBAC) is a kind of access control mechanism which is secure and high performance. But the standard for RBAC2001 model does not give the method which based the character of department, function and data to control the role assignment. Combining with the idea of RBAC model and the requirement of large-scale enterprise information system, the article make fine grain extension on Core RBAC model, and thinning the role assignment in the dimensionality of department, function and data. At last, this article gives practical application of the rood el, and resolves effectively the question that secure access control difficult to thin in large-scale enterprise information system.
出处
《计算机科学》
CSCD
北大核心
2006年第4期277-280,共4页
Computer Science
