Based on an analysis of several existing task-role-based access control models, a novel task-role-based access control model is proposed to provide a safe and easy way to access data in a workflow system. The definitions of user, role, task, privilege, constraint rule and authorization strategy, and the relationships among them, are described formally. In this access control model, a privilege is defined as a series of operations on an object. The constraints on users and roles are defined by the constraints on tasks. In this way, the relationship among user, role and privilege is described clearly, which is convenient for system maintenance and safety management. The implementation of the model in practice shows that it provides a clearer way to describe the access privilege of a user in a role executing a task in the system. It can also describe the achievement of privileges in the workflow system.