| As the traditional RBAC model is not good enough to deal with the implementation of multi-level authorization management in large-scale enterprise applications, an improved RBAC model—AD_RBAC based on autonomy domain is proposed. It introduces the'autonomy domain' concept to describe the organization structure formally and construct its descriptive model. AD_RBAC extends the concept of group in RBAC, dividing it into administrative group and normal group, which enhance the expressing capability of group. This model adopts organization structure domain description model to construct groups and group hierarchy as well as define group types, maps users into different groups according to their respective organization units, and manages user authorization from system and group levels. All these contribute to the simple and intuitive realization of multi-level user authorization management, which conforms to the actual authorization strategy of enterprise, disperses user authorization, and reduces workload of system administrators.Taking the classification of all various protected resources as the basis and AD_RBAC as the authorization management model, this paper designs and implements a general fine-grained access control framework (FGACF) according to the access control features of all types of resources. This System adopts filter, custom tags and aspect-oriented programming (AOP) technologies to achieve all variety of resources' access control. Implementing system's access control using FGACF can not only control the display of page elements, but also reach the field access control granularity for business data.In practice, Client applications are free to choose access control granularity and storage methods of access rules through writing configuration files, which fully reflects the simplicity, ease of use and good scalability of FGACF. |
PDF Full Text Request