As an integrated monitoring system, the traction transformer on-line monitoring information system is mainly responsible for the on-line collection, storage, management and analysis of the traction transformer's information. With the growing use of computer networks in the traction substation automation system, how to manage the system safely has become crucial. A general-purpose security access control module based on the principle of RBAC is designed, which achieves security control at the application layer by identifying the roles of the system operators to determine their accessible resources and the system functions and operations they may perform. The module is a logical abstraction of how commonly used privilege administration works. It is designed as a software component in order to maximize software reusability.

For enterprises characterized by tightly coupled jobs and overlapping businesses, it is difficult to administer information system privileges using the traditional access control strategies based on user or role. In this paper, according to the basic theory of RBAC (Role-based Access Control), a multi-layered TRBAC (Tree Role-based Access Control) model is presented and a role-based privilege administration scheme is implemented in the application layer. The practical example indicates that TRBAC simplifies the configuration rules of user, role and permission, and makes privilege management more convenient.

In a large management information system, especially one with a large number of system users of frequent fluidity, privilege management is very difficult to maintain. By analysing the theoretical basis of Role-based Access Control, a role-based and object-related privilege control tactic is put forward to solve the problem of application-layer privilege administration and to strengthen the system's flexibility and convenience.