Access control is a method that explicitly controls and limits access rights and access scope. In the electronic commerce environment, it is one of the key approaches to securing enterprise information systems, and it is also a key point and hot spot of study in the field of information security. Many access control models have been proposed, but almost all of the present models are confined by certain limitations: they cannot adequately handle the frequent position changes in the modern enterprise, increasingly complex business processes, distributed management, and so on.

Building on research into the present access control models, this thesis analyzes the advantages and limitations of each kind of model. According to the characteristics and demands of access control in the enterprise environment, it combines Role-Based Access Control (RBAC) with Task-Based Access Control (TBAC) and proposes a Task-Administrative Role Based Access Control (T-ARBAC) model for the distributed enterprise environment. This model satisfies the access control requirements of the enterprise well, and it is flexible and versatile. The thesis also uses the Unified Modeling Language to carry out the modeling, analysis and design of T-ARBAC. When designing the model, the method of Single Sign On (SSO) is introduced to verify the model, and a better simulation result is obtained.

The proposed T-ARBAC model takes role and task as the key elements of access control and realizes the logical separation between the user and the permission. The features of this model are as follows:

1. It combines active access control with passive access control. In this way it can manage not only the tasks that belong to the business process but also the ones that do not belong to the business process, so the flexibility of access control is enhanced.
2. It classifies administrative roles and administrative permissions, so the distributed management requirement of the enterprise environment is satisfied well and the complexity of authorization management is reduced.
3. It classifies tasks by category, which solves the private permission problem.