Full metadata record
DC FieldValueLanguage
dc.contributor.author余俊賢en_US
dc.contributor.authorJin-Shyan Yuen_US
dc.contributor.author黃景彰en_US
dc.contributor.authorDr. Jing-Jang Hwangen_US
dc.date.accessioned2014-12-12T02:27:57Z-
dc.date.available2014-12-12T02:27:57Z-
dc.date.issued2001en_US
dc.identifier.urihttp://140.113.39.130/cdrfb3/record/nctu/#NT900396020en_US
dc.identifier.urihttp://hdl.handle.net/11536/68651-
dc.description.abstract以職務為基礎的執行權管制 (Role-Based Access Control,簡稱RBAC),是以職務概念為核心,建立使用者對資訊資源執行權限的管理,為一套符合企業需求,同時兼顧組織層級架構與權責區分的存取權限控管機制。然而,要將 RBAC 機制導入現有 web-based 的企業資訊系統,卻常常面臨系統難以整合的困境。因此,本論文針對導入 RBAC機制於現有 web-based 系統為主題,分析 web 應用程式的發展模式,開發出具有 RBAC 精神的存取控制模組 (稱為 Role Capabilities Access Module,簡稱為RCAM),以整合企業應用系統的存取控管,展現 RBAC 卓越的功能與效用。 藉由本論文所開發的 RCAM存取控管模組,可於網站底層建構「單一網頁的職能存取控管機制」(Page-based Role Capabilities Access Control),提供個別網頁的權限控管,以強化企業資訊系統的安全。採用單一網頁 (Page-based) 作為存取控管單位的好處,除了可以完全控管系統的的每個物件,達成高安全性外,還可透過職務資訊的收集與整理,進行職務屬性的使用者行為分析,輔助資訊系統的稽核。最後,本論文以保險公司與 IC 設計公司作為案例,來探討 RCAM 的可行性,並提出導入 RCAM 的策略與方法,作為實作上的參考。zh_TW
dc.description.abstractRBAC (Role-Based Access Control) is an access control model that is most applicable in the organizational context. It is, however, hard to implement the model with popular web-based systems. The main purpose of this thesis is to design a methodology for embedding RBAC implementations into web-based systems. The author has programmed a computer code, called Role Capabilities Access Module (RCAM), as the basic unit to be integrated into web systems. The author uses RCAM in the bottom layer of web sites to achieve page-based access control. In other words, access control in such systems is done on a page-by-page base. As such, two advantages are achieved: (1) Access control is implemented in the most strict sense; (2) Role information about users is retained in log trails, which can be used to support analysis of users’ behavior. Finally, the author has studied two cases—one for an IC design company and the other for an insurance company—to demonstrate the operability of the RCAM code in various application domains.en_US
dc.language.isozh_TWen_US
dc.subject職位基礎執行權管制模組zh_TW
dc.subject存取控管zh_TW
dc.subject嵌入式設計zh_TW
dc.subjectRole-Based Access Control(RBAC)en_US
dc.subjectRole Capabilities Access Module(RCAM)en_US
dc.subjectPage-based Role Capabilities Access Controlen_US
dc.title以 RBAC 為基礎建構網頁存取控管機制zh_TW
dc.titleConstruction of RBAC-based Web Pages Access Control Mechanismen_US
dc.typeThesisen_US
dc.contributor.department資訊管理研究所zh_TW
Appears in Collections:Thesis