Research And Application Of Role-based Access Control

With the development of the Internet, internet security becomes more important, access control can control the access to key resources, prevent invasion of illegal users or damage of legal users’ immodesty operation, but the traditional access control can’t meet security requirements. Thus we put forward the Role-based access control (RBAC), it introduces role between user and permission, as a bridge between them, role is defined and it can comply with people’s duty in enterprise, realize the logical separation of user and permission. It can make access control more flexible and reduce complexity of grant management, as well as decrease the cost of management. So it inherits the advantage of traditional access control and at the same time overcomes it’s shortage.This article firstly analyses the Discretionary access control (DAC) and Mandatory access control (MAC) simply and compares with the Role-Based access control. Then describes the RBAC96 model, ARBAC97 model and ARBAC02 model in detail and analyses the features and advantages of RBAC. According to the shortage of RBAC, some improvements are added, we add function for role and permission, using dispersed distributed mechanism, the system administrator assigns authority to lower administrator according to functions, the lower administrator distributes roles and permissions of corresponding function, this mechanism reduces the burden of system administrator effectively. Adds the function of audit, auditor can submit audit report to administrator in order to avoid illegal operation of illegal users. According to the excessive privileges of administrator, we add the role of supervisors, who supervise the assign of permission to roles whoes level is too high, it increase the security of assign of permission. Administrator can forbid some users and add a quantitative restriction to a role, in order to improve the security of system further. Permissions are subdivided into operation and object, we use private permissions which don’t want to be inherited, ensures the fine-grained and selective inheritance of permissions.Finally, this paper describes the implementation process and interface of access control system in the Party system in detail, and then through the test example gives the process of a user access to Party system by access control system.