摘要
针对网站内容管理系统中面临的安全性管理要求和其在软件应用中的不足,在分析基于角色的访问控制技术原理的基础上,研究了改进方法。根据目前权限控制存在的缺陷,提出了基于用户-角色-功能的个性化权限控制模型,实现了根据用户的不同分工灵活组装功能来定制界面。该模型有效地保证了信息系统数据的安全性,具有很强的通用性和扩展性。着重详细介绍了模型的设计思想,权限管理的框架、数据库设计和用户界面的动态生成。系统运行结果表明使用这种控制方法,不同身份的用户登录验证后具有不同的交互界面,提高了系统的易用性、交互性和健壮性,丰富了业务逻辑控制细粒度。
On the basis of the security requirement of a website content management system, The analysis of role-based access control technique, based on research to improve the method. According to the current gaps in access control, based on the user-role-functional personalized access control model, the realization of a different division of labor according to the assembly of the functional flexibility to customize the interface. The model effectively ensure the information systems data security, has a strong versatility and scalability. Focus on detailed design of the model, a framework for rights management, database design and user interface dynamically generated. The results show that the system using this control method, different users log on to verify identity after interaction with different interfaces, to improve the system's ease of use, interactive and robust, rich fine-grained control of the business logic.
出处
《电脑开发与应用》
2009年第10期17-19,共3页
Computer Development & Applications
关键词
RBAC
权限
细粒度
角色
Role-Based Access Control, permission, fine grit, role
