Abstract:
Large organizations tend to organize their information resources according to their organizational structure. Such a structure often contains many similar sub-structures. Using traditional RBAC to model access control requirements in such environments means defining permissions and roles in each one of these sub-structures, which creates much extra work in managing the access control system. This paper presents an extended RBAC model. To solve the above problem, the model adopts organization structures, defines abstract roles, and associates these abstract roles with organization structure units.
Key words:
Access control,
RBAC,
Organization structure
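Abstract: Information resources in large organizations are often maintained according to the organizational structure, which contains many isomorphic units that hold the same kinds of information resources. When the traditional RBAC model is used for access control in such an environment, permissions and roles must be defined for each isomorphic part. This involves a great deal of redundant work, and authorization management becomes very difficult, especially when the number of isomorphic units is large. This paper proposes an RBAC model that supports organizational structure: the model introduces the organizational structure, defines abstract roles, and solves the above problem by associating abstract roles with organizational structure units. Extensions of the model are also given to support restrictions on the scope in which roles can be used and fine-grained access control.
Key words:
Access control,
RBAC,
Organization structure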
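The idea summarized in the abstract, as an added sketch that is not the paper's formal model or its code: abstract roles are defined once as permission templates and bound to organization units, and access is granted only when the resource's owning unit falls within the binding. The unit names, role names, `Binding`, `Resource`, `check_access`, and the `subtree` flag (one possible reading of a role scope restriction) are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed organization tree: child unit -> parent unit (None = root).
ORG = {"hq": None, "branch-a": "hq", "branch-b": "hq", "a-sales": "branch-a"}

# Abstract roles are defined once as (action, resource type) templates,
# instead of one concrete role per unit as in flat RBAC.
ABSTRACT_ROLES = {
    "manager": {("read", "report"), ("approve", "order")},
    "clerk": {("read", "order"), ("create", "order")},
}

@dataclass(frozen=True)
class Binding:
    user: str
    role: str              # key in ABSTRACT_ROLES
    unit: str              # organization unit the role is bound to
    subtree: bool = False  # assumption: optionally cover sub-units too

@dataclass(frozen=True)
class Resource:
    rtype: str
    unit: str              # unit that owns the resource

def in_scope(binding, unit):
    """True if `unit` is the binding's unit, or below it when subtree is set."""
    if unit not in ORG or binding.unit not in ORG:
        return False       # unknown units never match (fail closed)
    if unit == binding.unit:
        return True
    while binding.subtree and unit is not None:
        unit = ORG[unit]   # walk up towards the root
        if unit == binding.unit:
            return True
    return False

def check_access(bindings, user, action, res):
    """Default deny: grant only via a binding whose role and unit both match."""
    return any(
        b.user == user
        and (action, res.rtype) in ABSTRACT_ROLES.get(b.role, ())
        and in_scope(b, res.unit)
        for b in bindings
    )

# Constructed bindings: the same abstract roles reused in different units.
BINDINGS = [
    Binding("alice", "manager", "branch-a", subtree=True),
    Binding("bob", "clerk", "branch-b"),
]
```

Adding a new branch here only requires a new entry in `ORG` and new bindings; no role or permission definitions are duplicated.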
XU Zhen; FENG Dengguo. An Access Control Method Using Organization Structure[J]. Computer Engineering, 2006, 32(13): 20-22.