Role-Based Access Control (RBAC) has been widely used in Management Information Systems (MIS), but it can associate users with permissions only through roles. This is inconvenient when a system needs to authorize users temporarily, and the association between users and roles lacks flexibility because it cannot change dynamically over time. Based on a study of existing access control policies, we establish a direct association between users and permissions and define a time constraint factor, which is incorporated into both user-role assignment and user-permission assignment. On this basis we propose the Time-Restricted Access Control (TRAC) model. Applying the TRAC model in a records management system shows that it handles the dynamic change of user permissions over time well and improves the flexibility and configurability of the system's access control policy.
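The following sketch is an added illustration, not code from the paper: it shows how a time constraint on both user-role and direct user-permission assignments lets a temporary grant expire on its own. It assumes the time constraint is a half-open validity interval; the class, user, role and permission names are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Window:
    """Assumed form of the time constraint: valid for start <= t < end."""
    start: datetime
    end: datetime

    def active(self, at):
        return self.start <= at < self.end

class TRAC:
    def __init__(self):
        self.role_perms = {}   # role -> set of permissions (classic RBAC part)
        self.user_roles = []   # (user, role, Window): time-constrained role assignment
        self.user_perms = []   # (user, perm, Window): time-constrained direct grant

    def grant_role_perm(self, role, perm):
        self.role_perms.setdefault(role, set()).add(perm)

    def assign_role(self, user, role, window):
        self.user_roles.append((user, role, window))

    def assign_perm(self, user, perm, window):
        self.user_perms.append((user, perm, window))

    def permissions(self, user, at):
        """Effective permissions at time `at`: only assignments whose window is active count."""
        perms = {p for u, p, w in self.user_perms if u == user and w.active(at)}
        for u, role, w in self.user_roles:
            if u == user and w.active(at):
                perms |= self.role_perms.get(role, set())
        return perms

    def check(self, user, perm, at):
        # Default deny: anything not granted by an active assignment is refused.
        return perm in self.permissions(user, at)

def build_sample():
    """Constructed sample data for a records system."""
    m = TRAC()
    m.grant_role_perm("archivist", "record:read")
    m.grant_role_perm("archivist", "record:catalog")
    # Long-lived role assignment that still ends without manual revocation.
    m.assign_role("alice", "archivist", Window(datetime(2024, 1, 1), datetime(2025, 1, 1)))
    # Temporary direct grant for one working day, with no role involved.
    m.assign_perm("bob", "record:read", Window(datetime(2024, 3, 1, 9), datetime(2024, 3, 1, 17)))
    return m

if __name__ == "__main__":
    m = build_sample()
    print(m.check("bob", "record:read", datetime(2024, 3, 1, 10)))
    print(m.check("bob", "record:read", datetime(2024, 3, 1, 18)))
```

Evaluating the window at every check, rather than relying on a cleanup job to delete expired rows, means an expired grant is denied even if revocation never runs.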