In recent years, with the extensive application of enterprise information management systems, system security has received increasing attention. Access control is the key to resolving security issues. Although the DAC (Discretionary Access Control) and MAC (Mandatory Access Control) models have been applied within a certain range, they have shown their limitations. The RBAC (Role-Based Access Control) model has been studied in depth and applied in real systems. It cuts the direct connection between the user and the permission. By introducing the role, users obtain permissions via roles, which reduces the complexity of permission management and provides a better working environment for the system administrator. As a result, scholars and experts have become more interested in RBAC.

By studying login, permission testing, permission assignment and system logs, analysing RBAC in theory, and comparing it with the other access control models, this paper demonstrates the necessity of applying RBAC in enterprise MIS. According to the characteristics and the actual needs of the RBAC model, the paper introduces the design and implementation of RBAC in the HRM system and the CTMM system, and designs the schemes for role differentiation, permission assignment, session management and RBAC management.

In large-scale, cross-regional networked systems, the RBAC model ensures system security together with convenient and flexible permission control. The implementation of RBAC in the two systems proved that access control based on RBAC not only reduced the workload of permission assignment, but also ensured system and data security and made the system convenient, flexible, safe and scalable. It ensures the safety of the system and also provides strong security protection for enterprises' business-critical information.
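The pieces the abstract names (permission assignment to roles, role assignment to users, session management, the permission test and the system log) fit together as in the following added example, which is not code from the paper or from the HRM or CTMM systems. All role, user and resource names are hypothetical.

```python
from dataclasses import dataclass, field

@dataclass
class RBAC:
    role_perms: dict = field(default_factory=dict)  # role -> {(resource, action)}
    user_roles: dict = field(default_factory=dict)  # user -> {role}
    sessions: dict = field(default_factory=dict)    # session id -> (user, active roles)
    log: list = field(default_factory=list)         # system log of every decision

    def grant(self, role, resource, action):
        # Permissions attach to roles only, never directly to users.
        self.role_perms.setdefault(role, set()).add((resource, action))

    def assign(self, user, role):
        self.user_roles.setdefault(user, set()).add(role)

    def login(self, sid, user, wanted_roles):
        # A session can activate only roles the user has been assigned.
        active = set(wanted_roles) & self.user_roles.get(user, set())
        self.sessions[sid] = (user, active)
        self.log.append(("login", user, tuple(sorted(active))))
        return active

    def check(self, sid, resource, action):
        # Deny by default: unknown session, or no active role holds the permission.
        user, active = self.sessions.get(sid, (None, set()))
        ok = any((resource, action) in self.role_perms.get(r, set()) for r in active)
        self.log.append(("allow" if ok else "deny", user, resource, action))
        return ok

def demo():
    ac = RBAC()
    ac.grant("hr_clerk", "employee_record", "read")
    ac.grant("hr_manager", "employee_record", "read")
    ac.grant("hr_manager", "salary", "update")
    ac.assign("alice", "hr_manager")
    ac.assign("bob", "hr_clerk")
    ac.login("s1", "alice", ["hr_manager"])
    ac.login("s2", "bob", ["hr_clerk", "hr_manager"])  # bob requests a role he lacks
    results = [
        ac.check("s1", "salary", "update"),
        ac.check("s2", "salary", "update"),
        ac.check("s2", "employee_record", "read"),
        ac.check("no-such-session", "salary", "update"),
    ]
    # One role-level change reaches every user holding the role.
    ac.grant("hr_clerk", "salary", "read")
    results.append(ac.check("s2", "salary", "read"))
    return results, ac.log
```

The final `grant` is the administrative saving the abstract describes: the administrator edits one role rather than each user who holds it.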