Abstract: Aiming at the shortage of Role Based Access Control(RBAC) model on efficiently assigning a role for the user and assigning permission for the role and permission allotment want for context constrain, this paper puts forward Organization Based Access Control(OBAC) model. It increases organization concept on the RBAC foundation and lowers many complexities that assigning role for user in the classes organization. According the organization to definite entity and relation, the efficiency leads to raise role permission an assign into the abstract concept of the object and action, and defines the context entity to carries out the permission constrain.

Key words: organization, role, entity, relation

摘要：

基于角色的访问控制(RBAC)模型在为用户分配角色和为角色分配权限方面效率不高，在权限分配方面缺少上下文限制。文章针对该缺陷提出基于组织的访问控制模型，在RBAC的基础上，通过扩展组织作为实体，降低多级组织中用户角色分配的复杂性。引入客体和行为的抽象概念，基于组织定义模型中的其他实体和关系提高角色权限分配效率，实现权限的上下文约束。

关键词: 组织, 角色, 实体, 关系

CLC Number: 

• TP309