Rbac Extended Rights Management System Model Based Design And Realization

In recent years, with information technology in modern society, a wide range of applications, system security issues are becoming more and more attention by the user. Emerging technologies to maintain system security, including access control technology to solve security problems as one of the key technologies. Deepening the theory on the basis of relevant applied research has also been a great development, and the formation of the U.S. National Institute of Standards and Technology (National Institute of Standards and Technology, NIST) role-based access control (RBAC) model. But with the RBAC model in a large, multi-user multi-functional system widely used, its shortcomings began to be felt.The major research work is to analyze the role-based access control (RBAC) model can not be solved with the same role (for example: post the same user), but not while they are responsible for the department to undertake different operations, access to the system resources should be different, that is, access to a large size, the resource instance can not access control management. Therefore, this study was to investigate the role based access control (RBAC) model extended by introducing the concept of the role of scope to (user, role, scope) triples to identify the user's access rights, in order to RBAC model can not solve instances of resource access control.This study's results extend the RBAC model is successfully applied to the Air Express integrated resource management system of rights management subsystem design and development to improve the security of information systems, and make rights management algorithm is simple, to grant flexible, easy to operation and maintenance easy. Through practical application, this article is designed to extend the scope of RBAC-based program can solve the application of the system user access rights management, large-grained user access management issues, to distinguish between the user's actions and isolation, and further define the the user can operate the resources roles, while also allowing users to complete their specific task with only the permissions necessary to avoid too large for users with access permissions to system resources, thereby ensuring the implementation of the principle of least privilege, for large application of rights management system provides a new way of thinking.