| 摘要 |
A computer implemented method, apparatus, and computer program product for access control in a mixed discretionary access control and role based access control environment. In one embodiment, an execution access for a command is determined using a set of role based authorizations for a user invoking the command. In response to a determination that the user invoking the command is authorized based on the set of role based authorizations, a privilege in a set of privileges associated with the command is raised. Raising the privilege in the set of privileges bypasses discretionary access control checks. In response to a determination that the user invoking the command is unauthorized based on the set of role based authorizations, an execution access for the command is determined using a set of discretionary access mode bits associated with the command.
|
