Tongxin xuebao (Nov 2024)
Research on the design and application of role-resource based access control model
Abstract
The traditional role-based access control (RBAC) model plays a crucial role in permission management but faces challenges in Web applications, such as lack of resource definition, permission explosion, and permission leakage. To overcome these limitations and enhance the precision and flexibility of permission management, a role-resource based access control (R-RBAC) model was proposed, which introduced resource hierarchy on top of RBAC, effectively addressing the shortcomings of the traditional model. A detailed analysis of the limitations of the traditional RBAC model in Web development was provided, the importance of the R-RBAC model was discussed, and the design of the new model was elaborated. Through practical case studies, the advantages and application prospects of the R-RBAC model in permission management were demonstrated. The research shows that the R-RBAC model not only resolves the issue of permission explosion by enabling dynamic configuration and automatic assembly of permissions but also excels in permission auditing and tracking, significantly facilitating permission management. This study delves into the design and practical application of the role-resource based access control model, highlighting its importance in improving the precision and flexibility of permission management. Future research can further optimize the R-RBAC model and explore its applications in other domains to achieve more efficient and secure permission management.
