
Design And Implementation Of RBAC System Based On SaaS Model

Posted on: 2014-07-15
Degree: Master
Type: Thesis
Country: China
Candidate: Y C Huang
Full Text: PDF
GTID: 2268330401481698
Subject: Software engineering

Abstract/Summary:
Access control is a crucial mechanism in enterprise applications; it affects both the performance and the security of the whole system. Role-Based Access Control (RBAC) is currently the dominant access control model. Compared with Discretionary Access Control (DAC) and Mandatory Access Control (MAC), RBAC is more flexible and more extensible. However, the existing RBAC model still has many problems in theory and in practice. This thesis proposes solutions to the following three problems.

First, a large-scale enterprise application has thousands of roles and permissions. The role hierarchy and the mutual-exclusion mechanism of traditional RBAC make the relationships between roles and permissions very complicated and make permissions hard to manage efficiently. To address this, the thesis introduces the concept of a Role Group together with a new RBAC model framework. In the new model, roles and role groups are managed at the same level, and separation of duties is enforced at the level of individual permissions rather than whole roles.

Second, traditional access control is embedded directly in the application. Developers have to design the permission module separately, which costs a great deal of time in debugging and configuration. The thesis brings Software as a Service (SaaS) into the RBAC model: access control is separated from the application and exposed to web systems through a set of interfaces, so that one access control system can serve many different web systems. A client only needs to invoke the corresponding interface provided by the SDK to send permission data to the cloud-based server; the server processes the data and returns the decision to the caller for validation. The cloud-based server can also return permission data to the client, where customized labels provided by the SDK decide what to display based on that data.

Third, the system adopts a Web server that uses HTTP and follows the REST principle. Compared with traditional Web frameworks, REST provides a well-defined architectural style built around a resource-centric concept. REST manipulations consist of retrieving, creating, modifying, and deleting resources, which correspond to the GET, POST, PUT, and DELETE methods provided by HTTP; resources are manipulated by operating on their representations.
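The role-group model, the permission-level separation of duties, and the SaaS/REST permission service described in the abstract, worked through as one added example. This is not the thesis's code; it is a Python sketch written for this page to show how roles and role groups can be assigned at the same level, how separation of duties can be declared on individual permissions rather than on role pairs, and how a REST-style server maps GET, POST, PUT and DELETE onto a role resource while answering permission queries from an SDK. Every name in it (RbacService, the /roles and /checks paths, the invoice permissions, the user alice) is an assumption, and the sample data is constructed.

```python
"""Added example (not the thesis's code): a minimal RBAC service with role groups,
permission-level separation of duties, and a REST-style dispatcher over /roles and /checks.
Every role, permission, user and path name below is constructed sample data."""


class SeparationOfDutyError(Exception):
    """Raised when an assignment would give one user two mutually exclusive permissions."""


class RbacService:
    """In-memory stand-in for the cloud-hosted access-control server."""

    def __init__(self):
        self.roles = {}         # role name -> set of permission strings
        self.groups = {}        # group name -> set of role names (assignable like a role)
        self.assignments = {}   # user -> set of role or group names
        self.exclusive = set()  # frozenset({perm_a, perm_b}) pairs nobody may hold together

    def add_role(self, name, *permissions):
        self.roles[name] = set(permissions)

    def add_group(self, name, *role_names):
        unknown = set(role_names) - self.roles.keys()
        if unknown:
            raise KeyError(f"unknown roles in group {name}: {sorted(unknown)}")
        self.groups[name] = set(role_names)

    def exclude(self, perm_a, perm_b):
        """Separation of duties declared on the permissions themselves, so it holds no
        matter which roles or groups happen to carry them."""
        self.exclusive.add(frozenset({perm_a, perm_b}))

    def _permissions_of(self, names):
        """Flatten roles and role groups into one permission set; deleted roles are skipped."""
        perms = set()
        for name in names:
            for role in self.groups.get(name, {name}):
                perms |= self.roles.get(role, set())
        return perms

    def _violation(self, perms):
        """First exclusive pair fully contained in perms, or None."""
        return next((pair for pair in self.exclusive if pair <= perms), None)

    def assign(self, user, name):
        if name not in self.roles and name not in self.groups:
            raise KeyError(f"no role or group named {name}")
        trial = self.assignments.get(user, set()) | {name}
        clash = self._violation(self._permissions_of(trial))
        if clash:
            raise SeparationOfDutyError(f"{user} would hold both {sorted(clash)}")
        self.assignments[user] = trial

    def check(self, user, permission):
        return permission in self._permissions_of(self.assignments.get(user, set()))

    def handle(self, method, path, body=None):
        """REST-style entry point returning (status, payload): GET reads a role, POST creates
        one, PUT replaces its permissions, DELETE removes it; POST /checks answers an SDK query."""
        parts = path.strip("/").split("/")
        if parts == ["checks"] and method == "POST":
            return 200, {"allowed": self.check(body["user"], body["permission"])}
        if parts[0] != "roles" or len(parts) > 2:
            return 404, None
        if len(parts) == 1:                       # the collection: only POST is allowed
            if method != "POST":
                return 405, None
            if body["name"] in self.roles:
                return 409, None
            self.add_role(body["name"], *body.get("permissions", []))
            return 201, None
        name = parts[1]                           # a single role resource
        if name not in self.roles:
            return 404, None
        if method == "GET":
            return 200, {"name": name, "permissions": sorted(self.roles[name])}
        if method == "PUT":
            old, self.roles[name] = self.roles[name], set(body.get("permissions", []))
            for user, names in self.assignments.items():
                if self._violation(self._permissions_of(names)):
                    self.roles[name] = old        # roll back: an existing holder would clash
                    return 409, {"error": f"separation of duties violated for {user}"}
            return 200, None
        if method == "DELETE":
            del self.roles[name]
            for members in self.groups.values():
                members.discard(name)
            return 204, None
        return 405, None


def build_sample_service():
    """Constructed sample: an invoicing system where creating and approving an invoice
    must never sit with the same person."""
    svc = RbacService()
    svc.add_role("clerk", "invoice:create", "invoice:read")
    svc.add_role("approver", "invoice:approve", "invoice:read")
    svc.add_role("auditor", "invoice:read", "audit:read")
    svc.add_group("finance-readonly", "auditor")
    svc.exclude("invoice:create", "invoice:approve")
    svc.assign("alice", "clerk")
    svc.assign("alice", "finance-readonly")
    return svc
```

Two points the sketch makes concrete. Because the exclusion is attached to the permissions, the PUT handler must re-validate every existing holder before a role's permission set changes and roll back on a clash; a role-pair exclusion would silently miss that path. And the decision the server returns to the SDK is the only enforcement point: the customized labels that hide or show UI elements on the client are a display aid, so every protected operation still has to ask the server, and the server has to authenticate which web system and user is asking.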
Keywords/Search Tags: Role based access control (RBAC), Software as a service (SaaS), REST, RESTful