CAJ | 학술논문

在Windows 2003 Server活动目录技术的基础上,基于传统的基于角色访问控制(Role Based Access Control,RBAC)的思想,提出了一种基于活动目录角色的访问控制(Active Directory Based Kole Access Control,ADBRAC)模型.该模型在权限管理以及实现系统安全的策略中,通过对主体、客体和操作同时进行抽象,引入了用户组、视图及动作的概念,实现了细粒度的权限定义和功能权限管理,降低了管理复杂度.该模型已在资源与环境遥感项目成果信息服务系统的开发中得到实现.实践证明,模型简单实用,安全稳定,具有更强的通用性和表现现实世界的能力.
재Windows 2003 Server활동목록기술적기출상,기우전통적기우각색방문공제(Role Based Access Control,RBAC)적사상,제출료일충기우활동목록각색적방문공제(Active Directory Based Kole Access Control,ADBRAC)모형.해모형재권한관리이급실현계통안전적책략중,통과대주체、객체화조작동시진행추상,인입료용호조、시도급동작적개념,실현료세립도적권한정의화공능권한관리,강저료관리복잡도.해모형이재자원여배경요감항목성과신식복무계통적개발중득도실현.실천증명,모형간단실용,안전은정,구유경강적통용성화표현현실세계적능력.
A new model called Active Directory Based Role Access Control(ADBRAC) is discussed in this paper. This model is based on the Active Directory(AD) technology of Windows 2003 server and traditional thinking of Role Based Access Control(RBAC). In the processing of authority management and the realizing of system security policies, the concepts of user group, view and action are imported through abstracting main body and object simultaneously. Through implementing fine-grained authority definition and functional authority management in the management information system, the complexity of the management is reduced and the traditional RBAC is extended effectively. This model has been applied to the results and projects information service system of resource and environmental remote sensing projects, and the result shows that the model is simple, practical, safe and stable. The model has fairly strong versatility and capacity for the performance of the real world.