摘要： 目前基于角色的访问控制模型大多数都不支持细粒度操作。为此，提出一种细粒度的授权委托方法。利用为权限元组分配量值的方法，实现对角色内任意部分权限的表达和控制。引入量化角色，将普通角色与权限量值组合，用于描述不同的权限范围。在胜利油田滨南采油厂物资供应系统中的应用结果表明，该方法能提供更细化的授权和委托粒度，减少过多临时角色的创建，降低系统的管理和维护 代价。

关键词: 访问控制, 授权, 委托, 量化角色, 基于角色的访问控制, 物资供应系统

Abstract: The current role-based access control models often have deficiencies in the fine-grained authorization and delegation, so a fine-grained method for authorization and delegation is presented. With qualified value allocated for permission tuples, any part permission of a role can be accurately expressed and controlled. By introduction of the quantified-role, a common role can be described different privileges with different permission values. Application results in the materials supply system of binnan oil production plant of Shengli oilfield show that the method can provide more fine-grained authorization and delegation, reduce generation of excessive temporary roles, and lower costs of system management and maintenance.

Key words: access control, authorization, delegation, quantified-role, Role-based Access Control(RBAC), material supply system

中图分类号: 

• TP393