摘要： 用集合论的方法分析了模型选取的4个决定因素：需要授权的用户数量，功能权限集的基数，角色的权限变化情况，用户的角色变化情况。对RBAC和FBAC的适用情况进行了划分。论证了在复杂的大型系统中，综合采用多种访问控制模型，对权限进行分割合并，区分出公共权限和专门权限，并引入多级授权机制，才能够克服单一模型的不足。

关键词: 存取控制, RBAC, FBAC

Abstract: This paper analyzes the 4 factors that determine which model should be chosen with the method of set: the quantity of users, the radix of function set, the change of role’s permissions, the change of user’s roles. It partitions the different conditions that are suitable for RBAC(role-based access control) model or FBAC(function-based access control) model. This paper demonstrates that it is necessary and feasible to adopt different models in complex large system. In this kind of system, it can deal with two methods: cut apart and combine the permissions; use the mechanism of multistage assignment.

Key words: access control(AC), role-based access control(RBAC), function-based access control(FBAC)

中图分类号: 

• TP311