A New Type of WEB-based Access Control Method

ABSTRACT

This paper has proposed a new type of WEB-based access control method which adopted the “Role-function model” user access control idea. By dividing business functions of the page in the bottom menu on the basis of the Web page organizational structure which is required by system business requirements and the user access control requirements, and using the business function as the basic unit of permission configuration, the user’s access to the page, the html elements contained in the page, their operation and other Web system resources are controlled through configuring the relationship among user, role, page, menu and the functions. The practical application showed that the access control model can effectively control user’s access to the Web system; in the meantime, it has simplified the user’s operation and possesses strong versatility, thereby efficiently reducing the workload of Web system development.

Keywords:

Business function, Role-function model, User access control, RBAC model, Role-function model, Validation method.