Access control is an important information security technology. The role-based access control (RBAC) model is widely accepted and applied because of its flexibility and relative ease of maintenance. This paper first introduces role-based access control. Then, building on role-based access control theory and the characteristics of the B/S (browser/server) application mode, it designs and implements a role-page-based access control (RPBAC) model that controls the visibility of each Web page of the application system to different user roles, and gives part of the key implementation source code. Practical results show that the model meets the access control requirements of different users and offers good security, high flexibility, and ease of management.