Research And Application Of Fine-grained Access Control Mechanism Is Based On Resource Properties

With the increasing level of information technology and application system complexity, as well as facing more fine-grained and flexible resource access demands, it has an important research and application value to access and control digital resources effectively, realize fine-grained authorization of resources and to make the process more convenient and flexible. Current application-level access control method is mainly based on the RBAC model, which can effectively reduce the complexity of the authorization, support flexible corporate security polices and has a good elasticity for the changing needs of access control of enterprises, thus achieving a kind of coarse-grained access control. In order to refine the access control granularity of permissions on the resources, improve the information security level to meet the user requirements for more specific, precise and individual resource access control, it is necessary to research its methods.This thesis is supported by "13115" major scientific and technological innovation platform projects of Shaanxi Province, namely,"the document digitization and resource sharing platform". Through researching the access control mechanism and analyzing platform resource access control requirements, established a fine-grained resource authorization mechanism based on resource attributes and realized in the LAMP development environment using the ThinkPHP technology. Specific include the following contents:(1) Studied the role-based access control methods-RBAC model and resource granular authorization mechanism, established a fine-grained resource authorization mechanism based on resource attributes. The mechanism makes digital resources authorization granularity more refining to the resources’attribute level in view of the user authorization requirements and realizes screening of the user through a variety of user characteristics and effectively improves the efficiency of resource authorization.(2) Analyzed the requirements of resource authorization in the documents digitalization and resources sharing platform, established the design principle and target of resource authorization in the platform, completed the design of the related function about resource authorization in the document digitalization and resource sharing platform.(3) The fine-grained resources authorization mechanism based on resources’attributes is applied to the document digitalization and resource sharing platform. Completed database design of resource authorization’s function module and the development work of the relevant function module, realized authorization control of resource attribute level and made a outlook for the further research work of the fine-grained resources authorization mechanism.