基于租户的访问控制模型T-ARBAC
A Tenant-Based Access Control Model T-Arbac
摘要:
SaaS服务模式极大地降低了企业成本、提高了企业效率,同时也提高了企业的管理水平及加快了其创新步伐。但由于租户数据存储于服务提供商数据存储平台,如何保障租户的数据安全是一个无法回避的问题,并且平台用户数量巨大,如何有效地对用户进行管理也是一个值得探索的问题。本文结合基于角色的访问控制模型,设计出一个支持多租户、方便租户权限控制与管理的SaaS平台访问控制模型T-ARBAC (Tenant-Admin- istrative Role Based Access Control),满足了租户访问控制策略多样性与安全、独立访问共存数据的要求。
Abstract: SaaS service model not only greatly reduces the cost of enterprises, improves business efficiency, but also improves the management level of enterprises and accelerates the pace of innovation. However, it is an unavoidable problem that how to protect data for tenants when the data stored in the SP (service provider) data storage platform. And as the big amount of users in the platform, we also have to take management of user into consideration. This paper designed a new access control model T-ARBAC (Tenant-Administrative Role Based Access Control), combined with role- based access control (RBAC) model, to support multi-tenant access control and facilitate the management of SaaS platform, meeting the requirements of diversity of tenant roles and independent access of coexisting data.