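Abstract
To address the shortcomings of the traditional RBAC model in access control, a role-based user rights management model is proposed, and the principle of the model, its database design, and the specific method of implementing it on the ASP.NET 3.5 platform are described. Building on the original RBAC pattern, the model introduces a department object between users and roles; functions are grouped by role and by department, and the user-to-function relationship is then abstracted from the user-role and user-department relationships, thereby increasing the granularity of permission configuration. The scheme has been applied in the Beijing Financial Street e-government system, and the results show that this permission management method not only improves the applicability and security of the management system but also makes the information system easier to maintain and extend.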
To address the disadvantages of the traditional role-based model in access control, we propose a new role-based user rights management model, and describe the principle of the model, the design of the database and the specific implementation methods on the ASP.NET 3.5 platform. Building on the theoretical advantages of the original RBAC, the new model introduces an object called department between user and role. By grouping functions by role and department, and then abstracting the relationship between user and functions from the relationships between user and role and between user and department, the granularity of permission configuration is increased. This scheme has been applied in the e-government system for Beijing Financial Street, and the result shows that this model improves the applicability and security of the management system, and makes it convenient and easy to maintain and extend.
Source
《济南大学学报(自然科学版)》
CAS
PKU Core (Peking University Core Journals)
2010, Issue 2, pp. 167-171, 5 pages in total
Journal of University of Jinan (Science and Technology)
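Funding
National Natural Science Foundation of China (NSFC-30871964)
Program for New Century Excellent Talents in University, Ministry of Education (NCET-06-0122)
Innovative Research Team Project, Ministry of Education (IRT0607)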