Flexible Organization Structure-Based Access Control Model and Application

Abstract

RBAC as a kind of permission access control technologies supports enterprise information security effectively. However, in many cases, traditional RBAC can only establish a permission access control mechanism based on discrete group-role or user-role management inside an organization. And the user group whose organization structure is more complicated is not supported by RBAC. It is also lack of the adaptability of dynamic changes to the complex organization structure. To solve these problems, a permission model called Flexible Organization Structure-Based Access Control (FOSBAC) is proposed, which combines the flexible organization structure with the access control to achieve the dynamic management of permissions. First, the general framework and the formal description of FOSBAC are given. Then, the application template using the XACML specification is constructed and an analysis on a case of accessing financial statements is used to demonstrate the feasibility of the application. Finally, it is shown that FOSBAC possesses better adaptability to complex organization structure and higher management efficiency in comparison with RBAC and ROBAC.