The Design And Realization Of Role-Based Access Control Model For Medical Examination System

Access control is one of the important means of security and protection of the management information system, its main task is to protect the resources of the management information system from the illegal access and use. However, the traditional access control model is that the subject and permissions have operation relationship directly, and the object’s access right is according to the subject’s security level. In the face of the situation that large amount of information, complex structure and frequent staff mobility of the enterprise, this two technique cannot meet the security needs of the management information system. Role-based Access Control can overcome the deficiency of traditional access control effectively, can reduce the management overhead and the complexity of the authorization management, and can provide the administrator with a better security access control strategy.Firstly the paper introduces the role-based access control technology and introduce and analyze RBAC96model that is representative model of role-based access control model, and analyze user-permissions assignment model and role-permissions assignment model. On the base of analyzing the deficiency of the model, the model is improved, for example, limiting the level and method of the role inheritance, limiting the role dynamically, increase the function of role activation, and the improved access control components including authority management, user management, and role management are designed. The problem can be solved and the advantages improved are summarized.Finally, medical examination system is designed and implemented with the improved role-based access control model. This system can protect medical personnel’s information from the illegal and unauthorized access and use effectively, but also greatly reduce the complexity and workload of system administrator’s work. Because the authority is given to roles instead of individual users, so the system can adapt to the internal adjustment of hospital or medical center with a great deal of flexibility. The improved method of limiting the level of the role inheritance and limiting the role dynamically can protect the medical privacy better. System with using C#,.NET and SQL Server2008development technology has the advantages of cross-platform and easy to maintain, and can adapt to the demand for access control of hospital or medical center better.