RBAC (Role-Based policies Access Control) accessing control model based on organization

Abstract

The invention provides an RBAC (Role-Based policies Access Control) accessing control model based on an organization. The RBAC accessing control model comprises users, organizations, roles, objects, operation, conversations and constraint, wherein an organization concept is introduced; each organization is a core and a basic element of the model; all the objects and roles are attached to one certain organization and have only one owner; one organization can own a plurality of users, a plurality of roles and a plurality of objects; the organizations have a leveled relation; the roles of one organization can be given to the other organization to use through authorization between the organizations. The RBAC accessing control model has the beneficial effects that a strict safety strategy can be applied and the authorization requirements of a flexible and complicated system are met; a hierarchical authorization problem and a problem of organizing and managing various object organizations in a complicated system are solved effectively; the RBAC accessing control model can be used for conveniently organizing and managing the objects; dynamic objects are introduced, so that the adaptability is enhanced.

Description

technical field [0001] The invention relates to the technical field of rights management of software development, in particular to an organization-based RBAC access control model. Background technique [0002] With the rapid development of information technology, especially the development of the Internet, and the continuous deepening of enterprise informatization, the information objects in the enterprise have shown exponential growth, and the sharing and reuse of cross-departments in the enterprise have become more and more extensive. Application security and data security It has been greatly challenged, and IT security issues have become increasingly prominent, and have been increasingly valued by relevant personnel. Although system security issues can be found and remedied through post-event audits, a better way is to control from the source and prevent accidents. Before it happens. [0003] There are two main models of early access control: discretionary access contro...

AI Technical Summary

Problems solved by technology

This is a policy-independent, non-autonomous access control model. Users can only passively accept permissions, but cannot actively grant permissions to others. Currently, the RBAC reference model is the most widely used model, but this model is used in complex organizations. There are deficiencies in the application system of institutions and a large number of users, mainly in the following aspects: (1) The traditional RBAC model cannot satisfy the situation that the authority is associated with the organization in the authority allocation and role allocation, and cannot satisfy the flexible and complex system Authorization requirements, there is a problem that the system administrator authorizes other organizational departments beyond authority, and there is a problem that it cannot conveniently and effectively support hierarchical authorization; (2) For complex systems, when there are many objects, it is inconvenient to manage and organize objects and related operations; ( 3) It is a static model and cannot meet the dynamic needs of special circumstances

Images