关键词: 基于角色的访问控制, 私有权限, 私有化阈值, 静态职责分离, 约束检测

Abstract: To improve the flexibility of controlling the depth of permission inheritance, the concept of threshold of privatization was introduced and a method based on it was proposed. Because the depth was defined as the difference between inheritance value and threshold of privatization, it could be changed by adjusting the threshold of privatization, with the precondition that the adjustment would not violate the static separation of duty. An algorithm was given to detect whether the adjustment would violate the static separation of duty. Through analyzing the relationship between permissions of static separation of duty and user's permissions, the algorithm minimized the number of users that need to be considered. Consequently, the time complexity of this algorithm is much lower than the one considering all users.

Key words: Role-Based Access Control (RBAC), private permission, privatization threshold, static duty separation, constraint detection