| 一种Web环境下改进的权限控制机制 |
| |
| 引用本文: | 李波,黄东军.一种Web环境下改进的权限控制机制[J].企业技术开发,2006,25(4):3-5,11. |
| |
| 作者姓名: | 李波 黄东军 |
| |
| 作者单位: | 中南大学信息科学与工程学院,湖南长沙410083 |
| |
| 摘 要: | 文章对当前权限系统设计过程中的主要权限分配方法:自主型的访问控制(DAC),强制型的访问控制(MAC)和基于角色的访问控制(RBAC)进行了分析和比较,指出它们各自的特点和适用局限性。针对现代企业管理的新特点,作者就管理信息系统中多用户权限控制技术进行了探讨,结合现有权限控制模型,提出并实现了应用程序中基于角色级、部门级和用户级的三级安全控制新模式。实践表明该方法提高了信息系统的安全性和可维护性。
|
| 关 键 词: | Web 基于角色的访问控制 安全 权限控制 授权机制 |
| 文章编号: | 1006-8937(2006)04-0003-03 |
| 收稿时间: | 2006-01-11 |
| 修稿时间: | 2006年1月11日 |
An improved mechanism of authorization control based on Web environment |
| |
| LI Bo,HUANG Dong-jun.An improved mechanism of authorization control based on Web environment[J].Technological Development of Enterprise,2006,25(4):3-5,11. |
| |
| Authors: | LI Bo HUANG Dong-jun |
| |
| Abstract: | The paper analyzes and compares several primary ways to distribute privileges during the current design process of access system such as Discretionary Access Control(DAC), Mandatory Access Control (MAC) and Role-Based Access Control (RBAC), points out their respective characteristics and limitations of their applicability. By taking the new characteristics of modern enterprise management into consideration and combining with the existing access control model, the authors discuss the access control technology of the multi-users information system, present and realize the security control model based on role level, department level and user level in the application. Practical application makes clear that it enhances the security and maintainability of information system. |
| |
| Keywords: | Web |
| 本文献已被 CNKI 维普 万方数据 等数据库收录! |
|
