摘要:Abstract -With the rapid development of network and the coming of information age, access control is particularly important, role-based access control (RBAC) is an access control which is popular. RBAC authorizes and controls the roles corresponding to the users to operate the object. It solves problems of least privilege, separation of duties and so on. However, limited permissions are required to be executed by a certain sequence, that is, the permission owned by a user is controlled by other users’. To solve this problem, this paper proposed an improved model on the base of the original RBAC, not only to retain the original characteristics of RBAC but also solve a specific problem of some permissions which are needed to executed by sequential order, and the analysis shows that this scheme has better security, better flexibility, and can be well applied to the workflow system.
关键词:RBAC; least privilege; duty separation; dynamic constraint