A Solution Of Privilege Management In Management Information System

In Management Information System (MIS), an important part is privilege management. In privilege management, a core part is access control model. At present, familiar access control models include Discretionary Access Control Model, Mandatory Access Control Model and Role-Based Access Model. But, they are not enough in privilege management of MIS.In this paper, main requirements of privilege management in MIS are analyzed with consisting of requirements of organization management, requirements of privilege present and requirements of access control with conditions. So, a Management Information System Based (MISBAC) Model is raised. In MISBAC model, organization object sub-model, privilege object sub-model, privilege assignment sub-model, privilege present sub-model and privilege view sub-model are described. Organization object sub-model can represent complex matrix organization structures, and Organizaiton Objects can be reduced. There are two. typical reduction Styles that one is the reduction of task oriented and the other is reduction of duty oriented. Privilege object sub-model can represent structure of privilege objects. It includes basic privileges and privilege groups and a privilege group includes basic privileges.Privilege assignment sub-model puts forward ways of privilege assignment in organization objects and privilege objects. In practice, privilege objects can be assigned to all or a part of organization objects. Virtual Form is introduced into privilege present sub-model and can solve implementing of access control of the controlled resources. It can control the access of user interfacethrough Virtual Form Controls Rules and Data Ruels.Privilege view sub-model not only raises performance of privilege session but also forms a data abstract layer, so, other systems only access privilege system through privilege view without understanding details of privilege system.MISBAC has an important feature that it is the low couping in sub-models, so they are easy to restructure, and if privilege view sub-model is not changed, MISBAC can be restructure without destroying other modules of MIS.MISBAC almost meets the demands of privilege management in MIS and enrichs content of access control model and reduces complexity, so, it is very fit in practice.