摘要： 将角色和权限的属性表达式作为授权约束条件的重要组成部分，给出约束条件的定义，引入角色工程的思想和方法，在此基础上提出产生授权约束条件涉及的属性、属性表达式、权限属性表达式、角色属性表达式和用户属性表达式的识别、产生和优化的方法及相关算法，通过一个应用实例说明方法的可行性。

关键词: 基于角色访问控制, 授权约束条件, 角色工程

Abstract: This paper considers permission and role’s attribute expressions as the important parts of authorization constraint. It gives the definition of constraint, and proposes some methods, procedures and algorithms for the identification, generation and optimization of attribute, attribute value, permission attribute expression, role attribute expression and user attribute expression by the introduction of role engineering. An example is given to show how these methods work.

Key words: Role-Based Access Control(RBAC), authorization constraint, role engineering

中图分类号: 

• TP309