System access control based on role management

Source: Internet
Author: User
1. Introduction

1.1. Keyword definitions
The terms used in this article are defined as follows:
Security management: Security management in computing is a broad field that can include network security, data security, operating system security and application security. Mature products already exist for many aspects of security management, and we need to use them selectively to achieve our own goals. In this article, the term "security management" is limited to the objects and data within the company's application systems.
Subject: Any entity that can issue a request to the application system, including the various users, other applications that have interfaces with the system, and illegal intruders. The system must be able to identify the subject. An interface is in fact also registered by a user, so the main problem is verifying the legitimacy of the user's identity; the system should establish a user identification mechanism to authenticate user identity.
User: A user is a subject that can independently access data in a computer system or other resources represented by data. We use users to denote the set of users. A user is generally a person.
Permissions: A permission is a license to access data in a computer system or other resources represented by data. We use permission to denote the set of permissions. Permissions are of two kinds: object access control and data access control.
Object access control: Represented as a two-tuple: (control object, access type). The control object stands for any resource in the system that requires access control. We will introduce a complete resource representation scheme to define and reference the various types of resources that appear in the system (see later). The access type is the kind of access being controlled on the corresponding control object, such as read, modify, delete, and so on.
Data access control: If data access is not controlled, the security of the system cannot be guaranteed and data leaks happen easily. Therefore, permissions must give the data of an accessible object different levels of encryption protection. We also represent this as a two-tuple: (control object, predicate).
Permissions can ultimately be combined into the following form: (control object, access type, predicate).
Role: A role is a job or position in an organization or task that represents a qualification, right, and responsibility. We use roles to denote the set of roles.
User delegation: User delegation is a binary relation between users and roles. We use (U, R) to indicate that user U has been delegated role R.
Permission configuration: Permission configuration is a binary relation between roles and permissions. We use (R, P) to indicate that role R has permission P.
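
The model defined above, as an added example that is not part of the original article: user delegation (U, R), permission configuration (R, P), and permissions as (control object, access type, predicate) triples, evaluated with a deny-by-default check. The class and function names, the predicate signature (user attributes, record) and the sample users, roles and records are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Optional

# Assumed predicate shape: (user attributes, record) -> bool.
Predicate = Callable[[dict, dict], bool]

@dataclass(frozen=True)
class Permission:
    control_object: str                    # resource under access control
    access_type: str                       # read, modify, delete, ...
    predicate: Optional[Predicate] = None  # None: no data-level restriction

class AccessControl:
    def __init__(self):
        self.delegations = set()      # user delegation: (U, R) pairs
        self.configurations = set()   # permission configuration: (R, P) pairs

    def delegate(self, user, role):
        self.delegations.add((user, role))

    def configure(self, role, permission):
        self.configurations.add((role, permission))

    def check(self, user, attrs, control_object, access_type, record):
        """Deny by default: allow only when a role delegated to the user holds
        a matching permission whose predicate accepts this record."""
        roles = {r for (u, r) in self.delegations if u == user}
        for role, perm in self.configurations:
            if role not in roles:
                continue
            if (perm.control_object, perm.access_type) != (control_object, access_type):
                continue
            try:
                if perm.predicate is None or perm.predicate(attrs, record):
                    return True
            except (KeyError, TypeError):
                continue  # predicate could not be evaluated: fail closed
        return False

def build_demo():
    """Constructed sample policy: clerks read orders of their own department,
    managers may delete any order."""
    ac = AccessControl()
    same_dept = lambda attrs, rec: rec["dept"] == attrs["dept"]
    ac.configure("clerk", Permission("order", "read", same_dept))
    ac.configure("manager", Permission("order", "delete"))
    ac.delegate("alice", "clerk")
    ac.delegate("bob", "manager")
    return ac
```

The predicate is what separates data access control from object access control here: two users holding the same (control object, access type) pair can still see different records.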
2. Requirements Analysis
Drawing on our many years of experience in the industry, and on the successful experience and advanced thinking of our peers, we are able to develop a complete, full-featured and flexible security management system for our own application systems. Such a system frees developers from the burden of repeatedly building permission management, so that they can concentrate on developing application functionality. We collected the requirements that the company's experienced software engineers in MIS project development raised for such a system under various circumstances, and summarize them as follows.
