在一般的以角色為主之權限控管(Role-Based Access Control,RBAC)系統上,在分配角色給使用者時,並不會把使用者的環境當作限制條件,因此無法符合某些現實世界的運作情形。而用來處理使用環境的概念稱之為情境(Context),情境為一種與角色對應的模式,當使用者要透過角色來取得權利前,必須先比對角色上的情境是否符合使用者所處的環境,若不符合則停用這個角色。 在本論文中,我們將探討如何用情境來改良RBAC,使其符合現實世界的運作,並且實作在一套RBAC系統上。首先必須在資料庫中新增一個情境資料表,以存放個種不同的情境,裡面包含了情境代碼、情境名稱以及情境類型等欄位,然後必須修改角色資料表,增加存放情境資訊的欄位,即可由此欄位得知角色所擁有的情境限制。最後還要替附屬的情境衝突功能新增情境衝突資料表,包含了衝突代碼與情境衝突的欄位,其中情境衝突欄位中存放的是情境代碼,代表著同一個衝突代碼的情境組合是不能同時設定給同一個角色的。 實作上除了對資料庫的修改外,還需要在RBAC系統上增加兩種與情境有關,且只允許系統管理者操作的功能。第一種功能是靜態情境衝突設定,管理者可以在此新增、修改及刪除情境衝突組合到情境衝突資料表中,以避免因角色設定到錯誤的情境組合,使角色無法正常得到權利。另一個功能是角色情境設定功能,管理者可以在此新增、修改及刪除情境到角色的情境代碼欄位中,並依照上述的情境衝突做判斷,看是否有衝突組合發生。最後必須修改權限檢查程式,讓使用者在透過角色取得權利之前,先判斷角色上的情境是否符合使用者的環境,若角色上的情境組合中有情境不符,則必須停用這個角色。
In traditional Role-Based Access Control systems, the user’s environment is not usually taken into consideration when assigning roles to users. This may not be appropriate in some real world operational circumstances. A concept called context is used to deal with a user’s environment. If a user’s environment does not agree with the context associated with a user’s role, the role cannot be activated. In this thesis, we research on how to integrate context into RBAC and to implement context in an existing RBAC system. First, we need to add a context table to database to save contexts. This table includes context code, context name and context type. Then, we add new columns that store context information in the role table. We can use the new columns to check contexts associated with the role. Finally, we add a context conflict table, which includes two columns that are conflict code and context code. Contexts with same conflict code means that those contexts conflict with each other. We also add two administrative functions for context. One is the Static-Context-Conflict-Setting function. System administrators can use this function to define conflicts, so that a user will not be prevented from activating a role due to wrong context combination. The other is Role-Context-Setting. When there is no context conflict, administrators can use this function to associate contexts with a role. We also need to modify the permission-checking program, so that the system will have the capability to check the contexts of a role.