Research And Application Of RBAC Model In Management System

Posted on: 2009-02-04
Degree: Master
Type: Thesis
Country: China
Candidate: L L Wang
GTID: 2178360245455574
Subject: Computer application technology

Abstract/Summary:
The access control mechanism plays an important role in enterprise application security. However, traditional access control cannot meet the requirements of a complicated business environment. Since the 1990s, the theory of the RBAC (Role-Based Access Control) model has been under extensive investigation and has also been applied in real systems. It assigns permissions or privileges to roles, so users and permissions are logically separated. With roles as the intermediary, users access resources through roles. This technology greatly decreases the complexity of authorization management and provides a better management environment for managers. At present, many issues remain: high employee turnover and complex organizational structures have led to inflexible access assignment and high maintenance costs. Improvements in both the theory and the practical techniques of system development are needed to solve these problems. It is therefore important to propose an extension model based on the available RBAC to achieve high software reusability.

The primary work and innovations of this thesis, in theory and practice, can be summarized as follows:

1. This thesis first introduces three access control strategies: Mandatory Access Control (MAC), Discretionary Access Control (DAC) and Role-Based Access Control (RBAC). It emphasizes the concept, advantages and disadvantages of RBAC.

2. This thesis provides solutions suited to the present management situation of enterprises and the basic RBAC model. The discussion covers three aspects: (1) introducing the concept of user groups and grouping the users; (2) introducing department-level authorization to decrease the number of authorization operations; (3) granting the corresponding privileges to users to accommodate temporary access assignment. On this basis the thesis proposes a new access control model and analyzes its structure, principle, access mechanism and characteristics.

3. This thesis also analyzes the technologies used in the process of system development. It mainly describes the available MVC model and the Struts and Hibernate architectures. It then provides the architecture of an integrated application using Hibernate and Struts.

4. In practice, this thesis develops an access management system prototype based on the extended RBAC model, built on the Struts and Hibernate architecture. Finally, it implements a technical communication platform as an instance of the extended RBAC system to illustrate the extensibility of this access management system.

In conclusion, through the analysis, design and implementation in this thesis, the extended role-based access control technology used in a large-scale enterprise information management system is shown to offer high security and strict access control, and to have high application value.
Keywords/Search Tags:Access Control, Permissions Management, Extended RBAC Model, Management System, Technical Exchange Platform