
RBAC權限控管系統中登入管理之研究

The Study of Session Management in a RBAC System

Advisor: 留忠賢

Abstract


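We add the concepts of role hierarchy and session management to an access control system designed on a web-based MVC architecture. The current system has only basic RBAC functionality: permissions are assigned to roles, and users obtain the permissions to use the system according to the roles they hold, but there is currently no concept of role hierarchy or session management. The system's main components are users, roles, permissions, and functions, and these components are used to configure the functions and resources a user can use in the system. We define the relationships among roles in DB tables, in which the role hierarchy and inheritance relationships are set and inherited permissions can be searched. We implement the Session component using existing Java objects, storing the user's information in the Session and managing the process and state of roles, so that roles can be switched dynamically to obtain the permissions of other roles. Finally, we implement a case workflow example in which a user's permissions can be obtained through inheritance; when handling a case, the user uses the role-switching function to operate the procedures in the workflow that each require different permissions.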

Keywords

role hierarchy RBAC session management

Parallel Abstract


In this thesis, we add role hierarchy and session management to an existing web-based RBAC system implemented with a server-side MVC design pattern. Currently, the system has the following major components: user, role, right and function, which are used to determine the privileges that a user can use. Components for role hierarchy and session management are added to the system. The hierarchical relationships among roles are stored in database tables, which are used to decide the inheritance of privileges. The Session component is implemented using an existing Java object and stores a user’s information, such as the order in which roles were activated and the currently active role. A workflow example demonstrates our implementation: a user must change roles to obtain the different privileges needed at different stages of the workflow.

Parallel Keywords

RBAC role hierarchy session management
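
The design the abstract describes, as an added example that is not code from the thesis: hierarchy and grant rows resolved into inherited privileges, and a session that tracks role activation order and the single active role. The role names, permission strings, in-memory maps standing in for the database tables, the plain `Session` class standing in for the Java session object, and the convention that a senior role inherits from its junior roles are all assumptions.

```java
import java.util.*;

public class RbacSessionDemo {
    // Constructed sample rows standing in for the role-hierarchy and role-permission tables.
    // Assumption: a senior role (key) inherits the privileges of its junior roles (value).
    static final Map<String, List<String>> JUNIORS = Map.of(
        "manager", List.of("reviewer"), "reviewer", List.of("clerk"));
    static final Map<String, Set<String>> GRANTS = Map.of(
        "clerk", Set.of("case:create"),
        "reviewer", Set.of("case:review"),
        "manager", Set.of("case:approve"));

    // Privileges granted to a role plus everything inherited through the hierarchy.
    static Set<String> effectivePermissions(String role) {
        Set<String> perms = new TreeSet<>();
        Set<String> seen = new HashSet<>();
        Deque<String> todo = new ArrayDeque<>(List.of(role));
        while (!todo.isEmpty()) {
            String r = todo.pop();
            if (!seen.add(r)) continue;            // a cyclic hierarchy row must not loop forever
            perms.addAll(GRANTS.getOrDefault(r, Set.of()));
            todo.addAll(JUNIORS.getOrDefault(r, List.of()));
        }
        return perms;
    }

    // Per-login state: assigned roles, activation order, and the current active role.
    static class Session {
        final Set<String> assigned;
        final List<String> activationOrder = new ArrayList<>();
        String activeRole;
        Session(Set<String> assigned, String initialRole) {
            this.assigned = Set.copyOf(assigned);
            switchRole(initialRole);
        }
        void switchRole(String role) {
            if (!assigned.contains(role))          // refuse roles the user was never assigned
                throw new SecurityException("role not assigned: " + role);
            activeRole = role;
            activationOrder.add(role);
        }
        boolean can(String permission) {           // only the active role's privileges count
            return effectivePermissions(activeRole).contains(permission);
        }
    }

    public static void main(String[] args) {
        Session s = new Session(Set.of("clerk", "manager"), "clerk");
        System.out.println("as clerk, approve: " + s.can("case:approve"));
        s.switchRole("manager");                   // workflow stage that needs approval rights
        System.out.println("as manager, approve: " + s.can("case:approve"));
        System.out.println("activation order: " + s.activationOrder);
    }
}
```

Checking privileges against the active role only, rather than the union of all assigned roles, is what makes the role switch meaningful: the user holds the approval right only while acting as the role that carries it.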
