| With the rapid development of information technology and network, information security has become an urgent problem to be solved now. Access control is the most effective means to solve the information security. Through the access control, it controls user access to information, limits the number of people access, and controls access to information and use information. Only the authorized users can access the information, blocking the dissemination of information, so information security is improved, and so that information security is guaranteedFirst of all, this paper introduces the commonly used method of access control:its own access control, mandatory access control and role based access control. Its own access control and mandatory access control are traditional access controls, role based access control is a new type of access control. With the development of information, the traditional access control has been unable to meet the current information system access control, hence putting forward a new access control is need. This method is not the direct grant permissions to users, but introduction of the role between users and permissions, the permissions are granted to role, and for users to roles. By this way, indirect the permissions are granted to users.Secondly, this paper presents the role based access control of expansion, which is to expand for object-resource of access in system puts forward the resource model. It puts forward the definitions of abstract resource and resource bundles and discusses the concerns of the resources in the resource model. The paper expands for the operation object-resource, but the operation closely links to resources in the original model has been unable to meet the current development model, so it expand for the operation and puts out operation model. In the operating model, it gives definitions of the abstract operations and operational beam and discusses the relationships of operations. In the resource and operation, discusses the relationships of resource and resource bundles, operation and operation beams. At the same time, in order to make the resources and the role directly connected, through the character level and resource level, linking the role and resources, only the character level greater than or equal to resources, the role can access resources.Thirdly, this paper is to expand for access permissions. In the authorization model, this paper analyzes the relationship between the authority and operation, puts forward split permissions, splits into permission components, quantizes the components, and then calculates it. It final compares with the size of two characters corresponding to the authority, prior to the authorization, it compares the size of only the permissions, permission is granted permissions that are larger than the current, authorizes operation, thereby reducing the workload and authorized operation.Finally, this paper verifies the proposed model, designs the new permission management system of Yunnan University educational system. |
PDF Full Text Request