| Summary: | 碩士 === 世新大學 === 資訊管理學研究所(含碩專班) === 96 === A single sign-on and role-based authorization control can bring great benefits about integrating identity authentication and access control mechanisms. However, when we explore the system control functions, there are fewer simple and effective mechanisms controlling more detailed functions and authority.
According to this truth, my study integrates single sign-on mechanism, RBAC access control mechanisms, file and directory of resource management mechanisms, access pre-loaded mechanisms and auditing mechanisms in order to construct a comprehensive information system group. Because web site's functions, files and directories are too many, controlling the authority efficiently becomes an important issue. The concept of file directory of resource framework, used class directory as the basis of cutting authority, set the authority of related functions easily and reduced the number of functions set by the role, minimizes the amount of data and manages detailed functions. Additionally, in order to enhance efficiency of giving and checking the user authorization, we primarily give the functions needed by users and add authority pre-loaded mechanism, which granted prior permission to common users, when providing authority. As a result, we can improve the using rate of delegating user's authority and reduce the number of times of delegating user's authority.
|
|---|
