Research And Application Of RBAC Model Based On Role In The Insurance Medium System

With the widely using and development of Enterprise Information Systems, people look more important upon the security of system gradually. Access control technology is the key factor of solving security problems. At present most of Enterprise Information Systems adopt traditional methods including Discretionary Access Control (DAC) and Mandatory Access Control (MAC), which have some deficiencies. This paper theoretically and practically studies Role-based Access Control (RBAC) in Enterprise Information Systems. The maim work in the dissertating as following:(1) analyze RBAC concept model, compare it with traditional access control scheme, and demonstrate the necessity of implement RBAC in Enterprise Information Systems.(2) We point out the deficiency of model by discussing the characters and security requirements of Enterprise Information Systems. Then we propose an improved model by adding dynamic constrain ton role, which can control the users'data access range.(3) According the improved model, we design the scheme of RBAC implement, which includes dividing roles, assigning permissions, session management and RBAC and advantages of RBAC administration. We summarize the specialties in Enterprise Information Systems.(4) RBAC model is used to the insurance medium business management information system, by the actual operation of the system and role-based user management, then enhance allocation of authority, and control effectively the user's permission to increase, modify, delete, and query data.