
Computer Engineering

• Security Technology •

Access Control Method for Web Application System Based on Role-function

PANG Xi-yu, WANG Cheng, TONG Chun-ling

  1. (School of Information Science and Electrical Engineering, Shandong Jiaotong University, Jinan 250357, China)
  • Received: 2013-03-21 Online: 2014-05-15 Published: 2014-05-14
  • About the authors: PANG Xi-yu (b. 1981), male, master's student, main research interest: information security; WANG Cheng, master's student; TONG Chun-ling, professor, Ph.D.
  • Funding:
    National Natural Science Foundation of China (61103022); Jinan Science and Technology Development Program (201221140, 20122114); Shandong Jiaotong University Research Fund (Z201307, Z201230).

Abstract: The access control requirements of Web application systems and the shortcomings of the Role-based Access Control (RBAC) model in such systems are analyzed, a user access control method based on a role-function model is proposed, and its implementation details are discussed. Starting from the Web page organization structure that forms naturally from the system's business function requirements, and from the users' access control requirements, the business functions implemented by the pages in the bottom-level menus are partitioned, and the business function is taken as the basic unit of permission configuration. By configuring the relations among users, roles, pages, menus and functions, the method controls user access to Web system resources such as pages, the html elements contained in pages, and the operations on them. Practical application in the scientific research management system of Shandong Jiaotong University shows that enforcing access control on the business functions implemented by menus and pages meets the enterprise requirements for user access control of Web systems well. The method has the advantages of simple operation and strong versatility, and effectively reduces the workload of Web system development.

Key words: Web system, Role-based Access Control (RBAC), access control, business function, role-function model, dynamic system menu

CLC Number: