The Research On Role-based Access Control In Workflow System

With the development of enterprise information system, access control problems for workflow system attract more and more attentions of researchers. At present, role-based access control model is mainly adopted in workflow-based access control technology. The most important task is expanding the expression ability based on the current RBAC Reference Model, but the task almost always focuses on the expression ability based on permission and role much more than user-set.The aim of exploring an application software system is to provide special service for users in special domain, where users can carry out their responsibility securely and efficiently as a particular role through Man-Machine Interaction. Therefore, to expand the expression ability of the user-set is a very important issue which must be paid much more attention to, especially in workflow-based access control technology. It is a pity that researchers overlook this point. Furthermore, in the research of RBAC application, like workflow system, few researchers think over the effect of RBAC due to implement due to enterprise organization structure.They ignore the characteristic of permission and role in enterprise information system, while how to set role and permission play a very important role in a real system which implement role-based access control.In this paper, many research works have been done on the traditional access control technologies in workflow- management system. By analyzing factors related to access control in the enterprise environment, and presenting organizational structure, a task-role-based access control model with expanded user set is introduced based on using the model of traditional access control for reference. As a result, the expression ability of user-set is expanded and the effect of access control implement is thought over due to enterprise organization structure. Furthermore, by integrating static authorization and dynamic authorization in the same access control system, the new model combines the merit of passive and active security model.The implementation of access control is an other emphasis in the research of this paper. By researching and analyzing various implementation methods of access control, an access control method based on encrypted authorization code is put forward to meet the requirement of application for passive role-based access control in the enterprise circumstance. Encrypted technology is also incorporated into this method to strength the security of data. The realization theory and access mechanism of the method in passive role-based access control are elaborated by an information system development example.The application in active task-based access control of the method is also discussed in the end.The method was applied in Management Information System on the Public Security of Hotel.The system achieved examinations of Police Security & Electronic Production Quality Examination Center(GJJ 062038).And it achieves better effect in the application.