Design And Implementation Of RBAC Permissions Mixed With ACL Management System

Access control is a kind of method which can limit the subject’s access ability and rangeto object explicitly. Rights Management Systems can use some kinds of RBAC to manageusers’ capability in systems, in order to ensure the security of the system. In this passage,Rights Manage Systems use RBAC model to achieve an activity which is users get the otherrole’s access permission by acting them, and this system also using ACL model to achievedistributing authorities to users directly. The design of mixing those two models is a kind ofdesign combining special requirements of backup system and features of those two models,which has many innovations and practicability.This paper will detailedly introduce using C++to design and achieve multi-strategy RightManagement System in LAMP platform. The system mainly contains some big moduleswhich are WEB module, permission examine module, rights management module, rightsservice module and rights data saving module, etc. WEB module is used to giving feedbacksof results of rights operations. Also, using the design of integration design of WEB moduleand function authorization can achieve dynamic customization of system interface. Rightsexamine module monitor legality of behaviors in the system through many authenticationmechanisms, which means messages in WEB port can only transmit to background serviceprogram by passing the right examine. The rights management module has three submodules:RBAC achieving module, ACL achieving module and license management module. Thismodule mainly achieving multi-strategy authorizing to users rights. Rights service moduleand rights data saving module form the basic module to maintain system rights data.This system is to realize the automatic monitoring and audit control, tend to be morerationalization of the whole system design. Implementation is based on layered ACL resourcesubsystem, the user permission and access to resources which contains all the resources to getthe resources permit. Implement permissions multichannel authentication mechanism, throughthe interface and the background of dual authentication mechanism to ensure the safety ofsystem, and based on the hierarchical classification method of resources, resource permissionslayered inspection scheme. System in constructing a rights management system, mainly inorder to manage users in the system capacity, effectively prevent legitimate users in thesystem through a permission check abuse of authority, the illegal user unauthorized behavior,such as the operation system security, but also guarantee the safety of important backup databackup recovery system. Using role-based access control is in order to achieve the userthrough the role and the role permissions management way, and the access control list isdirectly to individual users access control. The combination is fully according to the characteristics of the model and the specific requirements of the disaster backup system, putsforward the innovative and practical management methods. Project ultimately achieve astrong flexibility, wide range and high level, integrating function and performance of rightsmanagement system, reduce the enterprise management cost and maintenance costs.Through the test, the system has full functions and a good running condition. Now it’salready launched online. The new authorizing module combining both RBAC module andACL module mentioned in this paper provide a good solution to rights managements systemin future. At last there will be a strong, open end, reasonable and flexible rights managementsystem, which can lower the managing cost in a great extent.