| This dissertation is aim to implement a public privilege management system based on the model of RBAC (Role-Based Access Control) after the deep research on the SOD (Separation of Duty) based on RBAC in the application system.First of all, this thesis makes an extensive research on the standard model of RBAC in theory and practical application respectively. Considering the reality, it comes up with a serial of problems about how to implement the SOD and has solved these problems in the end. Referring to the thought of constraints mentioned in the model of RBAC2, it adds two new elements named Task and Task Instance to extend the model of RBACO. After that, it designs the theoretical solution of the SOD.During the course of the implement of the theoretical solution mentioned above, the dissertation utilizes the filter to validate the SOD so that it is able to separate the business from the course of validation in order to enhance the independence of the public privilege management system. In the meantime, given the practical environment, it defines several key elements reasonably in the solution. Finally, it implements this theoretical solution by coding.At present, the public privilege management system has been applied to several MIS (Management Information System) in the firm successfully. In addition, these MIS have re-developed the SOD on the basis of the original privilege management system. In fact, this system is able to solve the problem about repeated developments in the practical application. Above all, it has improved the development efficiency. |
PDF Full Text Request