• Journal of the China Computer Federation (CCF)
  • Chinese core science and technology journal
  • Chinese core journal

2008, Vol. 30, Issue (6): 22-25.


Research and Practice of an Access Control Method Based on the X-RBAC Model

王德鑫 张茂军 王炜 熊志辉   


  • Online:2008-06-01 Published:2010-05-19

Abstract (translated from the Chinese original):

Because the traditional RBAC model relies on a single set of roles, it cannot simultaneously select the functional subjects available to a user, constrain the data operations the user may perform, and constrain the data objects those operations may touch. To solve this problem, this paper proposes the X-RBAC model. The model introduces the concept of a role group and defines a functional role group, a behavioral role group and a data role group: functional roles filter the functional subjects, behavioral roles filter the data operations, and data roles filter the data objects. When a user is authorized, the user is granted a functional role, a behavioral role and a data role at the same time, so that an authorized user can only perform authorized operations on authorized data. Practice shows that the X-RBAC model has good extensibility, adaptability and flexibility, and is suitable for access control in complex information systems with high data confidentiality requirements.

Keywords: access control, role-based access control, role group, functional role, behavioral role, data role

Abstract:

Traditional role-based access control cannot filter the functional entities, data operations and business data at one time, because it has only one set of roles. To resolve this problem, we extend it by introducing the concept of a role group and defining three role groups, i.e. a functional role group, a behavioral role group and a data role group. Functional roles are used to filter the functional entities; behavioral roles are used to restrict the data operation activities; and data roles are used to filter the business data. We assign at least one functional role, one behavioral role and one data role to every user, so as to ensure that only an authorized user can perform authorized data operation activities on authorized data. Applications indicate that the extended role-based access control model possesses favorable extensibility, adaptability and flexibility, and that it can be used as the access control model for complex information systems with a high demand for data security.
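The three-way decision the abstract describes, as an added Python example that is not the paper's own code: a user must hold at least one role from each of the three groups, and a request (function, operation, data object) is granted only when a functional role admits the function, a behavioral role admits the operation, and a data role admits the data object. Any missing group or failed filter denies (fail-closed). The role, function and data-label names (ledger_view, branch:north, etc.) and the string-label encoding of data objects are assumptions made for the example; the paper only defines the three groups and the conjunction rule.

```python
"""Toy X-RBAC policy engine with functional, behavioral and data role groups.

Added illustration, not the paper's implementation. Role, function and data
labels used in build_sample() are hypothetical.
"""
from dataclasses import dataclass, field

FUNCTIONAL, BEHAVIORAL, DATA = "functional", "behavioral", "data"
GROUPS = (FUNCTIONAL, BEHAVIORAL, DATA)


@dataclass(frozen=True)
class Role:
    name: str
    group: str            # one of GROUPS
    allowed: frozenset    # functions, operations, or data-object labels this role admits


@dataclass
class XRBAC:
    roles: dict = field(default_factory=dict)        # role name -> Role
    assignments: dict = field(default_factory=dict)  # user -> set of role names

    def define(self, role: Role) -> None:
        if role.group not in GROUPS:
            raise ValueError(f"unknown role group {role.group!r}")
        self.roles[role.name] = role

    def assign(self, user: str, *role_names: str) -> None:
        unknown = [r for r in role_names if r not in self.roles]
        if unknown:
            raise KeyError(f"undefined roles: {unknown}")
        self.assignments.setdefault(user, set()).update(role_names)

    def groups_of(self, user: str) -> dict:
        """The user's roles bucketed by role group."""
        buckets = {g: [] for g in GROUPS}
        for name in self.assignments.get(user, ()):
            role = self.roles[name]
            buckets[role.group].append(role)
        return buckets

    def is_complete(self, user: str) -> bool:
        """X-RBAC assigns at least one role from every group; anything less is unusable."""
        buckets = self.groups_of(user)
        return all(buckets[g] for g in GROUPS)

    def check(self, user: str, function: str, operation: str, data_obj: str) -> bool:
        """Grant only if all three filters pass; an incomplete user is always denied."""
        if not self.is_complete(user):
            return False
        g = self.groups_of(user)
        return (any(function in r.allowed for r in g[FUNCTIONAL])
                and any(operation in r.allowed for r in g[BEHAVIORAL])
                and any(data_obj in r.allowed for r in g[DATA]))


def build_sample() -> XRBAC:
    """Constructed sample policy; every name here is hypothetical."""
    p = XRBAC()
    p.define(Role("ledger_view", FUNCTIONAL, frozenset({"ledger.list", "ledger.detail"})))
    p.define(Role("ledger_admin", FUNCTIONAL,
                  frozenset({"ledger.list", "ledger.detail", "ledger.close"})))
    p.define(Role("read_only", BEHAVIORAL, frozenset({"read"})))
    p.define(Role("editor", BEHAVIORAL, frozenset({"read", "update"})))
    p.define(Role("branch_north", DATA, frozenset({"branch:north"})))
    p.define(Role("all_branches", DATA, frozenset({"branch:north", "branch:south"})))
    p.assign("alice", "ledger_view", "read_only", "branch_north")
    p.assign("bob", "ledger_admin", "editor", "all_branches")
    p.assign("carol", "ledger_view", "editor")  # no data role: incomplete, always denied
    return p


if __name__ == "__main__":
    policy = build_sample()
    for req in [("alice", "ledger.list", "read", "branch:north"),
                ("alice", "ledger.list", "update", "branch:north"),
                ("alice", "ledger.list", "read", "branch:south"),
                ("bob", "ledger.close", "update", "branch:south"),
                ("carol", "ledger.list", "read", "branch:north")]:
        print(req, "->", "ALLOW" if policy.check(*req) else "DENY")
```

Note that the same functional permission (ledger.list) is granted or denied for alice depending on the operation and the branch label, which is the separation a single role set cannot express without multiplying roles per (function, operation, data) combination.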

Key words: access control, RBAC, role group, functional role, behavioral role, data role