Abstract: The concept of organization domain is introduced to describe the hierarchical structure of the enterprise organization. Based on the concept, the elements of access control are redefined and an Organization-Structure Oriented Access Control(OSOAC) model is proposed. The hierarchical OSOAC model and constrained OSOAC model are drawn by extended the Core OSOAC model. Contrast to RBAC model, there are fewer roles and permission assignment relations in OSOAC model, which reduce the privilege-management complexity in a large access control system.

Key words: access control, organization domain, role, hierarchy, constraint

摘要： 引入组织域的概念，描述企业组织的层状结构，在此基础上重新定义访问控制要素，提出面向组织结构的访问控制(OSOAC)模型，并扩展得到等级OSOAC模型和约束OSOAC模型。与RBAC模型相比，OSOAC模型能减少角色数量和权限分配关系，降低大型访问控制系统的管理复杂度。

关键词: 访问控制, 组织域, 角色, 等级, 约束

CLC Number: 

• N945.12