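With the advance of information technology, manual operations in enterprises have gradually been replaced by computerized ones, so controlling users' permissions has become extremely important. For system administrators, however, maintaining users' permissions is not a simple task. Role-Based Access Control (RBAC) uses a user–role–permission mapping which, compared with the traditional Access Control List, can greatly reduce the difficulty of management. Dynamic Separation of Duty (DSD) is an important extension of RBAC: certain conflicting roles can be assigned to the same user at the same time, but these roles cannot be activated at the same time. This thesis discusses adding a dynamic separation of duty mechanism to an access control system, which lets the system administrator define the dynamic conflict relationships between roles and lets users, under those dynamic conflicts, choose which roles are activated together when they log in to the system.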
Due to the development of information technologies, more and more manual operations in enterprises are being replaced by computerized operations. Thus, it is important to control users' access permissions to enterprise information. Role-Based Access Control (RBAC) uses roles as a mapping between users and permissions, which can simplify the management of access rights. Dynamic Separation of Duty (DSD) is an important characteristic of RBAC: some DSD roles can be assigned to the same user, but those roles cannot be activated at the same time. In this thesis, we study how to design and implement DSD in an access control system. An administrator can specify the DSD relationships between roles, and a user can select which DSD roles to activate when he or she logs in.
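The following Python sketch illustrates the DSD rule described above. It is an added example, not code from the thesis. The class names (`Policy`, `Session`, `DsdViolation`), the pairwise form of the conflict relation, and any role names used with it are assumptions.

```python
# Added illustration: all names here are hypothetical, not the thesis's code.
from itertools import combinations


class DsdViolation(Exception):
    """Raised when a requested activation breaks a DSD constraint."""


class Policy:
    """Administrator view: role assignments and pairwise DSD conflicts."""

    def __init__(self):
        self.assigned = {}      # user -> set of assigned roles
        self.conflicts = set()  # each entry: frozenset({role_a, role_b})

    def assign(self, user, role):
        # Assignment is never blocked by DSD; only activation is.
        self.assigned.setdefault(user, set()).add(role)

    def add_dsd(self, role_a, role_b):
        if role_a == role_b:
            raise ValueError("a role cannot conflict with itself")
        self.conflicts.add(frozenset((role_a, role_b)))

    def conflicting_pairs(self, roles):
        """Return every DSD pair contained in the given role set."""
        return [pair for pair in combinations(sorted(roles), 2)
                if frozenset(pair) in self.conflicts]


class Session:
    """User view: the roles active in one login session."""

    def __init__(self, policy, user, requested=()):
        self.policy, self.user, self.active = policy, user, set()
        self.activate(*requested)  # roles the user selected at login

    def activate(self, *roles):
        wanted = self.active | set(roles)
        missing = wanted - self.policy.assigned.get(self.user, set())
        if missing:
            raise PermissionError(f"not assigned: {sorted(missing)}")
        pairs = self.policy.conflicting_pairs(wanted)
        if pairs:
            raise DsdViolation(f"cannot be active together: {pairs}")
        self.active = wanted  # commit only after every check passed

    def deactivate(self, role):
        self.active.discard(role)
```

The check runs against the union of already-active and newly requested roles, so a conflicting role is rejected both at login and when it is added later in the same session. Deactivating one side of a conflict makes the other side activatable again.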