Abstract: A role-based access control (RBAC) sub-system for government procurement system (RBAC-GP) is presented. RBAC-GP realizes the principle of separation of duty and the principle of minimum privileges, so it can prevent from abusing privileges. RBAC-GP can figure out the complex access control in government procurement system, decrease the complexity of the authorization and management of users. RBAC-GP is configurable and can be maintained and updated easily.

Key words: Role-based access control (RBAC); Roles; Access control; Separation of duty

摘要： 提出并实现了政府采购系统中基于角色的访问控制（RBAC）子系统(RBAC-GP)。RBAC-GP 实现了职责分离原则和权限最小化原则，能有效防止权限滥用；有效地解决了政府采购系统中错综复杂访问控制问题，大大降低了系统授权管理的复杂性；可配置性强，升级和维护容易。

关键词: 基于角色的访问控制；角色；访问控制；职责分离