隨著全球化市場的來臨與運籌管理的推動,企業面臨的競爭也越來越激烈。然而,現今企業獨力經營方式已逐漸無法在劇烈競爭環境下生存,因此企業為了有效提升競爭力,則有賴於企業之間的協同合作,其帶來之優勢可以減少企業成本支出及提升企業作業效益。在多位使用者協同合作的環境中,安全的維護也倍增困難,尤其是使用者存取權限配置與控管。管理者若要給予使用者差異化的存取權限,會造成系統管理的負荷增加;若不當的存取權限配置,則會使系統安全性降低。針對上述問題之解決,本研究提出一個ARBAC model(Augmented Role-Based Access Control)架構,此架構是以RBAC 概念為基礎加以延伸,並強化Role 的管理。由於以往RBAC 概念是應用於作業系統的領域,而未考慮協同作用之需求,因此在第一階段的架構建置,本研究以協同群組概念(意指專案計劃型之協同合作群組)為主重新定義RBAC,以適用於協同合作方式;在第二階段的架構建置,分別以時間概念、Role 行為與環境因素之管理類別,強化Role的管理,進而提升使用者存取權限控管能力。以時間概念之管理類別,是利用時間的定義來配置Role 的應用;以Role 行為之管理類別,是管理Role 配置與存取對象;以環境因素之管理類別,則是建立環境因素與Role 的關聯,以利於Role 配置的管理。本研究透過實際企業個案探討,以及ARBAC model 架構的建置,其目的是提升企業之間協同合作方式的安全性,並達到適性化與彈性化的使用者存取權限控管。
Nowadays, due to the trend of the global market and growth of CALS (Continuous Acquisition and Life-cycle Support), the business environment has become more and more competitive. Hence,collaboration is important and required to incrase the efficiency of product development for the enterprise. However, security issue of collaboration is ignored, especially that of access control. It results in unsecure collaboration for user, data and environment of the enterprise without effective access control. In order to slove the problem regarding security of access control in the collaborative environment, this research proposes an ARBAC (Augmented Role-Based Access Control) model. It extends the RBAC concept for the collaboration and enhances role management. The proposed ARBAC model includes three classes for role management: time-based class, behavior-based class and environment-based class. Time-based class is used to assign role by various time definition; behavior-based class is used to deal with role application; environment-based class is used to create the relationship between environment and role to improve the role assignment. This ARBAC model provides flexible access control and meets diversied user requirement. The aim of this research is to improve security in the collaborative environment and achieve adaptive access control with flexible role assignment and management.