Abstract:
This paper studies the problem that, in the Role-Based Access Control (RBAC) model, a child role cannot hold private permissions because of the inheritance relation. Past solutions do not address the permissions specific to roles in the same department or with similar business, and they do not allow permissions to be inherited by multiple father roles. A new solution based on domains and domain permissions is therefore presented. The method of permission management is analyzed, an algorithm by which multiple father roles inherit permissions from one child role is provided, and the inheritance problem is solved. Access control based on roles and domains is realized in the application system.
Key words:
Role-Based Access Control (RBAC) model,
role,
permission,
access control,
domain
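Abstract: This paper studies the problem that, in the Role-Based Access Control (RBAC) model, child roles cannot hold private permissions because of the inheritance relation. Current solutions fall short in expressing the specific permissions shared by roles of the same organization or the same business nature, and they cannot meet the requirement of permission inheritance with multiple father roles. The RBAC model is extended and a solution based on domains and domain permissions is given. Drawing on a real project, the method by which the system implements permission management is analyzed, and an algorithm for permission inheritance with multiple father roles is proposed. This solves the problem of permission inheritance with multiple father roles and realizes role- and domain-based access control in the security management of the system.
Key words:
RBAC model,
role,
permission,
access control,
domain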
SHI Yong-chang; LU Shu-xi. Research and Application on Multi Father Role Based RBAC Model[J]. Computer Engineering, 2008, 34(17): 183-185.
史永昌;鲁书喜. 针对基于多父角色RBAC模型的研究与应用[J]. 计算机工程, 2008, 34(17): 183-185.