The core of RBAC (Role-Based Access Control) is that roles establish the relationship between users and permissions, achieving a logical separation of users from access permissions. Its advantages are reduced complexity and lower overhead of authorization management, and it is flexible, easy to use, and efficient. To address the complexity of permission management and the data security problems that arise in the actual operation of hospital information systems (HIS), this paper analyzes the traditional RBAC model and, taking into account the actual requirements of a B/S (browser/server) HIS, designs a practical and reliable application model for permission management. It analyzes the rationality of applying an access control module based on this model in an HIS, and implements it using ASP.NET, SQL Server 2000, and other technologies.