基于能力-角色访问控制模型

Role-based access control model has become one of the most powerful and generalized access control model for handling security management problems. However, in a collaboration system under RBAC controlling, there is still a risk that there is no rules to restrict administrators to assign the disconflict roles to any user within their competence. To cope with this risk, in this paper we propose a Capability-Role based Access Control model. The CRBAC model inherits the RBAC model of flexibility, and predefines the scope of authorized persons' capacity to the restrictions on the authorized operations. Applicability of the CRBAC model has been evaluated through some case studies at the end of this paper.