摘要： 基于角色的访问控制模型简化了访问控制授权，但是与代理机制相结合所带来的授权问题，制约了其在网格中的应用。该文介绍了RBAC与代理机制相结合所带来的授权问题，在定义了角色屏蔽概念的基础上，提出了面向代理机制的角色访问控制模型。引入了全局角色、本地角色等概念，用于描述PRBAC模型。PRBAC模型对用户与角色的匹配是通过角色委派集和多种角色合并策略完成的。PRBAC模型可以很好地解决在网格环境中使用代理机制的情况下引入RBAC所带来角色屏蔽问题，加强了服务节点的访问安全控制。

关键词: 网格, 角色, 代理, 安全

Abstract: Although it makes the authorization easier, role-based access control (RBAC) model will cause authorization problem when combining with proxy mechanism. This paper discusses the authorization problem and defines the conception of covered role, presents a proxy mechanism oriented role-based access control (PRBAC) model. In the model, it introduces some notions to describe PRBAC model. In PRBAC model, user’s role can be appointed by kinds of coalition policies and role appointed unit. This model can efficiently resolve the covered role and enhance authorization of service nodes.

Key words: Grid, Role, Proxy, Security