基于RBAC改进模型的角色权限及层次关系分析

针对著名的RBAC96模型的不足之处,结合私有权限、部门权限和权限属性变化等问题,对角色权限及角色层次关系进行了分析,提出了一个改进的角色层次化关系模型.该模型引入特征权限等概念,通过定义一般继承、私有化继承、公有化继承和无特征继承等新的角色继承方式建立角色层次化关系模型.新模型比RBAC96模型更加简化和易于理解,且具有更强的可伸缩性,特别适合于在复杂的角色层次关系中应用,例如网络操作系统、大型数据库、分布式应用等.

An Analysis About Role Permission and Role Hierarchy Based on an Improved Role Based Access Control Model

Combined with the issues of private permissions, department permissions and changes of permission types, subjects of role permissions and role hierarchies are analyzed in more depth and an improved role hierarchy model for role based access control (RBAC) is introduced against the imperfections of the famous RBAC96 model. Some new concepts such as special permissions are presented in the model. Concepts like normal inheritance, privatizing inheritance, publicizing inheritance and special-without inheritance are defined, thus a new role hierarchy model is formulated. It is simpler and more comprehensible to describe the same role relationships in the improved model when compared with RBAC96. It is more flexible, and more suitable to be used in large-scale role hierarchies such as operating systems, DBMS, distributed applications, etc.