Research And Design On Unified Modal For Web-Based User Management And Access Control

Arise from the beginning of the 1990s, and the basic idea of Role Based Access Control (RBAC) is: allocate the permissions of resources access to the role; assign the appropriate roles to users according to the functions and responsibilities of that user; the role played as a bridge between users and resources. It supports Principle of Least Privilege, Separation of Duty and Data Abstract, widely used at the large-scale application system. In the academic community, RBAC is also a hotspot; Sandhu's model of (RBAC96, ARBAC97, and ARBAC99) in the University of the George Macron in United States has the largest impact.While RBAC can solve the question of general permission problem, there are still some imperfections in the use of management information systems in more difficult environment in the large enterprises and organizations. For example, many of the specific implementation of RBAC can only achieve to control business permission, the data permission control is weak or poor; control of the authority is too coarse granularity, and cannot achieved exquisite control; many permissions system are low efficiency which need too many visits to the database, the system response time is greatly influenced by the RBAC; most of such system does not meet the non-centralized management requirements of organizations and enterprises, and does not support dynamic permission of the work flow and the dynamic role, and so on.This thesis improved the model based on core ideology from the RBAC96, ARBAC97 model, and introduced the management domain's ideology and use rule policy to relate Subject and Object, proposed manage domain and rule policy based ARBAC model, the DR-ARBAC model, to satisfactorily resolve these problems.According to characteristics of management information system in the web applications, together with specific needs between polar scientific database system in Polar Research Institute of China and the Shanda Digital Campus project in Shanghai Shanda Institute, this thesis analysis and give a concrete realization of model DR-ARBAC, and transparently applied to the newly developed system to achieve authority of non-centralized management, ensure relatively uniform access control within different organizations with lower side effect, also provided support for the data permission, dynamic permission and dynamic roles in work flow.Regard to scalability and flexibility, DR-ARBAC model itself also provides the expansion point; the rule policy of this model can be extended to support the management information system in permission of the complex and volatile business requirements.