Abstract: This paper studies the four level models of traditional RBAC (role-based access control) and analyzes the shortcomings of traditional RBAC as enterprises continue to grow in scale. Borrowing the idea of domains and types from the DTE model, it proposes a solution that introduces attribute (domain) parameters for subjects and objects, together with virtual permissions. This greatly reduces the number of roles and the complexity of role management, and lays a foundation for further solving problems such as role conflict.
Key words:
Access control; Role-based access control (RBAC); Domain
GAN Quan, HE Yeping, HAN Naiping. An Improved Role Based Access Control[J]. Computer Engineering, 2006, 32(7): 140-142,168.