摘要： 研究了通过对基于角色的访问控制（RBAC）进行定制实现强制访问控制（MAC）机制的方法。介绍了RBAC 模型和MAC 模型的基本概念，讨论了它们之间的相似性，给出了在不考虑角色上下文和考虑角色上下文两种情形下满足强制访问控制要求的RBAC 系统的构造方法。从这两个构造中可以看出，强制访问控制只是基于角色的访问控制的一种特例，用户可以通过对RBAC 系统进行定制实现一个多级安全系统。

关键词: 基于角色的访问控制；强制访问控制；基于格的访问控制

Abstract: The realization of mandatory access control (MAC) by configuring role-based access control (RBAC) is investigated. First, the basicdefinitions of RABC model and MAC model are introduced. Second, the similarities between them are discussed. Third, two constructions are given which simulate MAC in RBAC systems. Among the constructions one considered the role context and the other not. It is obvious from the two constructions that MAC is just one instance of RBAC, so users can implement a multilevel secure system by configuring a RBAC system whenever necessary.

Key words: Role-based access control; Mandatory access control; Lattice-based access control