Role-based Access Mechanism And Applications

With the development of Internet technology and its general application, the demands of the enterprise Information management are more effective and detailed. Mechanism of the permission to access is of paramount importance to the enterprise management information system, and the access to the information system's request can be reasonable judged and the unauthorized users'access to the system or the legitimate users'ultra vires visit can be effectively prevented by an ideal access control mechanism. Discretionary Access Control (DAC), Mandatory Access Control (MAC) and Role-Based Access Control (RBAC) are common access control models which have been generally used in the current information systems. In the model of the RBAC which by combining the advantages of the DAC and MAC and by introducing the concept of role, the users and the permissions can be logically separated and the license management can be simplified. Because the management of the organization which in the real world and in the real situation can be wonderfully reflected by using the model of the RBAC, the RBAC model has been widely used in a various management systems.Through analyzing and researching the DAC, MAC and RBAC models detailed, two improved RBAC models are proposed through the thesis.The SP-RBAC model and the M-RBAC model by which the problems of the temporary permission to the users and the users can not have multiple roles that can not be solved in the management information systems which are based in RBAC models can be solved well. Combing the advantages of both the SP-RBAC model and the M-RBAC model, the R-RBAC model has been proposed in the thesis, then the basic concept of the model and the structure and application of design principles of the model have been explained. Compared to the RBAC model, by absorbing the merits of the SP-RBAC model and M-RBAC model, not only the roles of users of the permissions can be managed flexibility, but also the risk of the proliferation of the roles of users permissions can be prevented.In the end of the thesis, the large-scale enterprise management information system design and implementation have been described, and the permission management module has been designed detailed which is including role management, departmental management, user management, privilege management, temporary roles management and set of permissions management. Combining all the modules that described before, the system has been applied to achieve.