A business-independence administrative model for role-based access control

For the various business functions and complicated authority settings in different information system development, resources are wasting in rewriting the permission management model. This paper proposed a kind of general permission management module based on an improved RBAC, which described the inheritance relation between the roles and the composition relation of the modules based on hierarchical namespace, using function mask to separate permission controls from concrete business, using logic expression to limit data sets to be permitted operated to achieve the purpose of fine-grained control. The application examples show that this model can realize fine grained access control effectively and has more general.