Skip to Main Content
According to the hierarchical characteristic of real enterprise organization, an organization-structure oriented access control (OSOAC) policy is proposed. To formally describe the policy, the concept of organization domain is introduced and then the elements of access control are redefined. Based on these elements, the core OSOAC model is formally defined. To assure that the administrative frame corresponds with real enterprise structure, the components of OSOAC model is decentralized administrated based on the OSOAC policy. Contrast to RBAC model, there are fewer roles and permission assignment relations in OSOAC model, which reduce the permission-management complexity in a large access control system.