根据用户所从事的具体工作划分用户群组的方法,归为同一用户群组的各个用户具有相同的角色集,同时由群组取代多名用户接受角色授权,这样多次用户角色授权就被压缩为一次群组角色授权,大大减少了授权工作量.文中设计了"群组图"用于形式化描述用户群组的性质,分析了在进行群组角色授权时应注意的问题,讨论了在RBAC模型中设置的用户群组与访问控制列表ACL(Access Control List)中的用户群组的本质区别.同时应用用户群组完成了中级人民法院办公自动化系统的用户角色授权.
摘要(英文):
In order to reduce further workload of the same UserRole assignments,this paper combines UserGroup with RBAC and introduces the concept of GroupDiagram which describes graphically the properties of UserGroup.All users in one group have the same role set,and roles are assigned to groups not to users which get roles and permissions via groups.At last,this paper explains the issues in GroupRole assignments which are worth paying attention to and the differences between UserGroup in RBAC and the one in ACL(Access Control List).At the sa...