In recent years, the development of enterprise information systems has shifted its focus from building the systems themselves to information security. Information security is not only a matter of preventing improper access, damage and disruption of information systems by outsiders; it also has to address the possibility that insiders misuse the systems, commit fraud, or leak corporate secrets. After many incidents in which insiders abused information systems and caused tangible and intangible losses to their companies, controlling employees' access rights to information resources has become an important security control mechanism. The main objective of this thesis is to investigate how Role-Based Access Control (RBAC) can be applied to the front line of daily banking transactions, the teller system. To that end, the RBAC model is built on top of a relational database, and SQL is used to implement the granting and revocation of access rights and roles, together with the various constraints. The Enhanced Entity-Relationship model is used to describe the logical architecture of the whole system. After the investigation and implementation carried out in this thesis, realising the RBAC model in a relational database and applying it to access control in the bank teller system proves to be a low-cost and genuinely feasible approach to access control.
In recent years the development of enterprise information systems has moved its focus from implementation to security. Information security concerns not only improper access, destruction and disruption by outsiders, but also abuse, fraud and disclosure of business information by insiders. In particular, once employees misusing information systems have caused tangible and intangible losses, controlling employees' access to those systems becomes an important security measure. The purpose of this thesis is to study the use of RBAC in enterprise application systems. The banking industry is taken as the example, and the discussion is limited to the system on the front line of daily transactions: the Teller System. The thesis implements the RBAC model on a relational database and uses SQL to realise the granting, revocation and constraints of access rights and role assignments. The Entity-Relationship model is also used to describe the logical architecture of the whole system. Through the research and practical implementation of this thesis, in which the RBAC model is built on a relational database and applied to access control in a bank's Teller System, RBAC is shown to be a cost-effective and workable methodology.
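The abstract describes realising RBAC in a relational database with SQL for role granting, revocation and constraints. The following is an added illustration, not code from the thesis: it builds a small constructed teller-system schema in SQLite (role, permission and assignment tables are my own naming), enforces one static separation-of-duty constraint with a trigger, and checks that permissions follow roles as they are granted and revoked.

```python
import sqlite3
# Constructed teller-system RBAC schema: roles, permissions, the two assignment relations,
# and a static separation-of-duty (SSD) table whose rule is enforced by a trigger.
SCHEMA = """
CREATE TABLE roles (role_id TEXT PRIMARY KEY);
CREATE TABLE perms (perm_id TEXT PRIMARY KEY);
CREATE TABLE user_roles (user_id TEXT, role_id TEXT REFERENCES roles, PRIMARY KEY (user_id, role_id));
CREATE TABLE role_perms (role_id TEXT REFERENCES roles, perm_id TEXT REFERENCES perms,
                         PRIMARY KEY (role_id, perm_id));
CREATE TABLE ssd (role_a TEXT REFERENCES roles, role_b TEXT REFERENCES roles, PRIMARY KEY (role_a, role_b));
-- Refuse a user-role assignment that conflicts with a role the user already holds.
CREATE TRIGGER ssd_check BEFORE INSERT ON user_roles
BEGIN
  SELECT RAISE(ABORT, 'SSD conflict') WHERE EXISTS (
    SELECT 1 FROM user_roles ur JOIN ssd s
      ON (s.role_a = ur.role_id AND s.role_b = NEW.role_id)
      OR (s.role_b = ur.role_id AND s.role_a = NEW.role_id)
    WHERE ur.user_id = NEW.user_id);
END;
"""

def grant_role(conn, user, role):
    # Returns False when the SSD trigger aborts the assignment.
    try:
        with conn:
            conn.execute("INSERT INTO user_roles VALUES (?, ?)", (user, role))
        return True
    except sqlite3.IntegrityError:
        return False

def revoke_role(conn, user, role):
    with conn:
        conn.execute("DELETE FROM user_roles WHERE user_id=? AND role_id=?", (user, role))

def has_permission(conn, user, perm):
    # A user holds a permission only through a role currently assigned to them.
    return conn.execute("SELECT 1 FROM user_roles ur JOIN role_perms rp ON rp.role_id = ur.role_id "
                        "WHERE ur.user_id=? AND rp.perm_id=?", (user, perm)).fetchone() is not None

def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO roles VALUES (?)", [("teller",), ("auditor",)])
    conn.executemany("INSERT INTO perms VALUES (?)", [("deposit",), ("read_journal",)])
    conn.executemany("INSERT INTO role_perms VALUES (?, ?)", [("teller", "deposit"), ("auditor", "read_journal")])
    conn.execute("INSERT INTO ssd VALUES ('teller', 'auditor')")  # a teller may not audit own work
    r = {"teller_deposit": grant_role(conn, "alice", "teller") and has_permission(conn, "alice", "deposit"),
         "ssd_blocked": not grant_role(conn, "alice", "auditor")}
    revoke_role(conn, "alice", "teller")
    r["after_revoke"] = not has_permission(conn, "alice", "deposit")
    r["auditor_after_revoke"] = grant_role(conn, "alice", "auditor")
    return r
```

Because the constraint lives in the database rather than in application code, every path that assigns roles (teller workstation, administration console, batch import) is subject to the same separation-of-duty rule.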