Abstract: Concerning the characteristics and disadvantages of RoleBased Access Control (RBAC) model, the departmentrole based access control (D-RBAC) finely granular model was proposed in this paper. A formal description for the model elements, the implement mechanism of the model, and the algorithm of access control were given. In D-RBAC model, role was related to department, which effectively implemented the accurate control of access objects and data, and the permission assignment problem of the same role in different departments was resolved. The fine-grained permission control was realized as well. Through the model, the number of roles was decreased, the development assignments were simplified and the accuracy and flexibility of permission management were increased. Finally, an application example of this model being used in one equipment safeguard comprehensive information system was given.

Key words: access control, Role Based Access Control (RBAC) model, finely granular, department

摘要： 针对基于角色的访问控制模型的特点和不足，提出一种基于部门和角色的细粒度访问控制模型（D-RBAC模型），对模型中的元素进行了形式化描述，给出了其实现机制和访问控制算法。D-RBAC将角色和部门相关联，有效实现了对象访问和数据范围的精确控制，同一角色在不同部门的权限分配以及细粒度访问控制，减少了角色管理数量，简化了开发配置过程，增加了权限管理的精确性和灵活性。最后，给出了该模型在某装备综合管理信息系统中的应用实例。

关键词: 访问控制, 基于角色的访问控制模型, 细粒度, 部门