
Research And Application Of Extended RBAC Model On The Permission Control

Posted on: 2009-04-22
Degree: Master
Type: Thesis
Country: China
Candidate: Y J Gu
GTID: 2178360245986388
Subject: Computer application technology
Abstract/Summary:
With the wide use and development of Enterprise Office Information Systems, people are gradually attaching more importance to system security. Management of user authority is an important component of most application systems, and effective control of authority guarantees the successful deployment of application systems. Authority management and control in Enterprise Office Information Systems is therefore the critical problem addressed by this paper.

At present, most Enterprise Information Systems adopt traditional methods, including Discretionary Access Control (DAC) and Mandatory Access Control (MAC), which have some deficiencies. After researching and analyzing the currently prevalent theories of access control, this paper adopts the Role-Based Access Control (RBAC) strategy as the basic theory for the Enterprise Office Information System.

This paper extends Role-Based Access Control to address the shortcomings of traditional RBAC in practical application, and proposes the extended model for Enterprise Office Information Systems in China. It keeps the strengths of RBAC and introduces a new entity, the department, between user and role. It subdivides objects so that different permissions can be configured for different objects, enhancing the granularity of permission configuration. It adds priorities for role inheritance and role authorization to avoid authorization conflicts, and adopts a flexible way of authorization, including role authorization and user authorization, to avoid redundancy of roles. In addition, it extends the kinds of constraints.

This paper carries out a detailed design of the RBAC model, combining the characteristics of Enterprise Office Information Systems and using the extended RBAC model. The design includes user design, role design, permission design, authority design, constraint design, and so on. This paper also carries out a detailed design of the database and the function model of the permission authority management system. For authority certification, this paper implements it with Aspect-Oriented Programming (AOP) technology, so that verification management is not separated from the Privilege Management System. Finally, this paper takes the Office Information System for the Harbin Municipal Bureau of Commerce as an example, and specifically expounds the course of analyzing, designing and implementing the RBAC scheme in an Enterprise Information System. It also demonstrates that the scheme is feasible in Enterprise Information Systems.
Keywords/Search Tags:role-based access control, extended, office information systems, permission, aspect-oriented programming