In recent years, papers on role-based access control (RBAC) have appeared in increasing numbers, but not many of them deal with real large-scale applications. In this paper, the issues of access control tactics in large-scale organizations are discussed through an example system, the China Official Documents Run System (CODRS). The paper also demonstrates that it is effective to apply role hierarchy tactics in large-scale applications. The basic access control policy and management methods in CODRS are introduced, and an improved role hierarchy model based on the RBAC96 model is presented. In particular, a changeable role inheriting mechanism and some other key concepts and methods used in CODRS are discussed, and a comparison between the new model and the RBAC96 model is given. We conclude that, because of the complexity of permission requirements in large applications, using the RBAC policy alone is not enough, and it is also necessary to adopt traditional access control mechanisms in practice.