| With the development of networks, information technology and distributed computing, more and more devices are connecting to the Internet and more and more information is being shared on the network, so network control of equipment and information and secure access control have become increasingly important. It is also necessary to centralize the administration of devices and security systems in order to enhance the security of facilities, systems, networks, information and so on. Furthermore, as networks grow in capacity and complexity, a large number of administrators at different levels are needed to manage the distributed network. To meet these needs, a network control system with multiple levels has been designed. Permission management and access control play a very significant role in a network control system, since they guarantee that the system operates safely. As network access becomes large and complicated, the permission management system must make it easy for administrators to configure the permissions of all users and convenient to operate access control. The upper center must issue the configuration to the lower center, where an administrator then examines and confirms the update. In this system with multiple levels of centers, only a few upper-center administrators are permitted to configure the permissions of all users. To meet these needs, this thesis designed and implemented permission management and issuance in a network control system with multiple levels of centers. The main work of this thesis includes: 1. Designed a permission system based on the RBAC model. It includes registration of users' information, definition of roles, classification of roles, and configuration of the devices users are permitted to operate. The database tables are designed with both efficiency and convenience of operation in mind. The design also allows administrators to define and code this information themselves without conflicting with existing entries. 2. Designed an access control system based on that permission system. When a user issues a command to a device, the system analyzes the command and uses the permission information to determine whether the user has this permission. If the user has the permission, the command is sent to the target device; otherwise the command is rejected. 3. Designed the update notification and issuance system. This system periodically checks for additions to the permission information, generates an Excel sheet document and sends the document to the lower center. The lower center checks for a new document issued from the upper center and, if there is one, notifies an administrator to confirm the new update. The advantage of this design is that it meets the present project's needs for a permission management system. Compared with existing fine-grained permission management systems based on the normal RBAC model, this one is more fine-grained: management granularity reaches a single command on a single device. Furthermore, different users of one device can be assigned different levels in order to eliminate conflicts. In addition, the system lets administrators in the upper center manage the access permissions of users in the lower center, which decreases the number of administrators permitted to manage user permissions. It can enhance the security of this system... |