基于树型角色的访问控制策略及其实现

华南理工大学学报(自然科学版) ›› 2004, Vol. 32 ›› Issue (9): 13-16.

基于树型角色的访问控制策略及其实现

曾明陈立定

华南理工大学自动化科学与工程学院广东广州510640

收稿日期:2004-01-02 出版日期:2004-09-20 发布日期:2015-09-09
通信作者: 曾明（1977－）男助教主要从事智能信息系统集成方面的研究． E-mail:zengm＠scut.edu.cn
作者简介:曾明（1977－）男助教主要从事智能信息系统集成方面的研究．
基金资助:
亚洲开发银行专项基金资助项目（A030208）

A Tree Role -based Access Control Strategy and Its Implementation

Zeng Ming Chen Li- ding

College of Automation Science and EngineeringSouth China Univ．of Tech．Guangzhou510640GuangdongChina

Received:2004-01-02 Online:2004-09-20 Published:2015-09-09
Contact: 曾明（1977－）男助教主要从事智能信息系统集成方面的研究． E-mail:zengm＠scut.edu.cn
About author:曾明（1977－）男助教主要从事智能信息系统集成方面的研究．

摘要/Abstract

摘要： 对于工作职能耦合度高、业务呈交叉状的企业传统的基于用户或角色的访问控制（RBAC）策略已难以实现信息系统的权限管理．文中结合 RBAC 的基本思想提出了一种分层的树型角色访问控制（TRBAC）模型并在应用程序层实现了基于角色的权限管理方案．实践表明TRBAC 简化了用户、角色和许可三者之间的配置规则方便了系统的授权管理．

关键词: 树型角色, 访问控制, 权限管理, 数据库应用系统

Abstract: For the enterprises characterized by high-coupling jobs and crossing businessesit is difficult to implement the administration of information system privilege by utilizing the traditional access control strategies based on user or role．In this paperaccording to the basic theory of the RBAC （Role-based Access Control）a mult- i layered TRBAC （Tree Role-based Access Control） model was presented and a role-based privilege administration scheme was imple-mented in the application layer．The practical example indicates that the TRBAC simplifies the configuration rules of userrole and permissionand makes the privilege management more convenient．

Key words: tree role, access control, privilege management, database application system

曾明陈立定. 基于树型角色的访问控制策略及其实现[J]. 华南理工大学学报(自然科学版), 2004, 32(9): 13-16.

Zeng Ming Chen Li- ding. A Tree Role -based Access Control Strategy and Its Implementation[J]. Journal of South China University of Technology(Natural Science Edition), 2004, 32(9): 13-16.