Rbac Model In The Database Access Control Applications

Access control is a research direction of Database security,Role-Based Access Control is a access control model that it is widely researched in theory and applications now.This paper mainly analyses RBAC96 model family in detail, and brings forward a new extended model-ERBAC in the basis of the model.ERBAC introduces mandatory access control property and audit functions .Mandatory access control is realised in the procedure of assigning permission to role , and role-based access control mechanisms are added session,administration and object audit. In software engineering ,OOA and OOD are popular methods.Analyzing and designing ERBAC Object-Oriented with UML reduces gap between theory model and system developmnet .So the second work in this paper is ERBAC static and dynamic modeling basiclly.In the end,in project of "HeiLongJiang Province Preventing Flood Decision Support System",combining engineer database management sub-system,Database Security Management System (abbr.DBSMS) is designed and developed with ERBAC.In DBSMS,the problem of lacking of roles constraints mechanism is solved with roles rule database through introducing role rules database and mandatory access control propertis in basis of Oracle8i security management,so realise ERBAC model and achieve the standard of access control policy. The research in this paper is general resolvent about access control in database, it has wide significance and applied value in MIS/DSS and the process of government and organisation's information constructing.