System and method for role-based access control

Abstract

The invention discloses a system and a method for role-based access control. The system comprises a request initiator, an access control executing mechanism, an access control decision mechanism and a target resource, wherein the request initiator sends an access request to the access control executing mechanism, the access control executing mechanism transmits the request to the access control decision mechanism, the access request is transferred to the target resource according to the decision result of the access control decision mechanism, the access control decision mechanism obtains the role information of the request initiator according to a user information table and a role information table after receiving the decision requirement, the role of the request initiator is verified to have the right to execute the access request or not through checking the user role table and a role right table, the access request is judged, and the decision result is fed back to the access control executing mechanism. With the adoption of the system and the method, the right management and distribution work are simplified, so that a role-based access control mechanism in a software system is close to the practical conditions of an organization.

Description

technical field [0001] The present invention relates to an access control technology, in particular to a role-based access control system and method. Background technique [0002] Access control technology is mainly to verify the legitimacy of user access. Its main function is to control the use rights of system resources, such as controlling which classified information and operations legitimate users access. It plays a decisive role in restricting users' access to key resources, preventing illegal users from invading, or damage caused by legitimate users' inadvertent operations. [0003] Role-based access control technology is a relatively mature access control model at present. Its main idea is to associate access rights with roles, and associate users with access rights by assigning appropriate roles to users. figure 1 It is a schematic diagram of a typical RBAC model. The model is defined as follows: [0004] The model is defined as follows: [0005] U: User, R Rol...

AI Technical Summary

Problems solved by technology

[0011] However, the above-mentioned RBAC model has the following disadvantages: 1. It is generally applied to operating systems and database systems, but it is rarely used in specific application systems; 2. The problem of mutual exclusion of roles is not considered.

For example, two roles have different responsibilities and cannot be owned by one user at the same time. The cashier and accountant of the financial department are simple examples of mutually exclusive roles; 3. The limitation of the role base is not considered. The role base of the role of general manager is 1; 4. The inheritance of user roles is not considered

Images