
Computer Engineering ›› 2010, Vol. 36 ›› Issue (24): 119-121. doi: 10.3969/j.issn.1000-3428.2010.24.042

• Security Technology •

Research on Flexible Authorization Mechanism Driven by Inheritance and Priority Constraint

FU Geng-li, CAO Bao-xiang, XIA Xiao-na

  1. (Computer Science College, Qufu Normal University, Rizhao, Shandong 276826, China)
  • Online: 2010-12-20 Published: 2010-12-14
  • About the authors: FU Geng-li (born 1985), female, master's student, main research interests: network databases, components and system integration, service-oriented architecture; CAO Bao-xiang, professor; XIA Xiao-na, lecturer
  • Supported by:
    Natural Science Foundation of Shandong Province (ZR2009GM009); Shandong Province Science and Technology Research Program (2009GG10001014)

Abstract: To address the single role-authorization policy and the authorization conflicts found in permission systems, this paper designs the IPC_URBAC model. Building on the RBAC model, it adds a user direct-authorization mechanism under an inheritance constraint and a user-role assignment mechanism under a priority constraint, proposes an authorization conflict resolution strategy based on individual and priority, and gives algorithms for computing the set of permissions belonging to a user and to a role. Using IPC_URBAC, it constructs a binary authorization mask to handle complex permission settings and uses a Web service to perform fine-grained permission checks, which separates permission control from the concrete business and yields a flexible authorization system that is independent of the business.

Key words: role, inheritance and priority constraint, flexible authorization, authorization conflict, permission mask
