RBAC-Based Access Control for SaaS Systems

SaaS (Software as a Service) delivers software as a service over the Internet, eliminating the need to install and run the application on customers' own computers and simplifying maintenance and support. Access control is an important information security mechanism: based on user identity and membership in predefined user groups, it restricts access to certain information items and limits the use of certain functions. Because SaaS systems are multi-tenant, applying existing access control methods to them directly raises the following problems: (1) role name conflicts, (2) cross-level management, and (3) the isomerism of tenants' access control. This paper proposes the S-RBAC model, which can be applied to SaaS systems. The model extends the RBAC and ARBAC97 models and uses layered structures to achieve system-level and tenant-level access control, solving these SaaS access control problems. We also put forward a way to implement the access control module for SaaS systems based on the S-RBAC model.
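
An illustration of the two-level idea described above, added here as an example and not the paper's S-RBAC model or implementation: roles are keyed by scope (system or tenant), so the same role name can carry different permissions in each tenant, and role assignment is confined to the actor's own scope. The class, the scope marker, the tenant names and the permission strings are assumptions made for the example, as is reading "cross-level management" as a system-level administrator managing roles inside a tenant.

```python
from dataclasses import dataclass, field

SYSTEM = None  # assumed marker for the system-level scope; tenant scopes are strings


@dataclass
class AccessControl:
    roles: dict = field(default_factory=dict)        # (scope, role name) -> permissions
    assignments: dict = field(default_factory=dict)  # (scope, user) -> role names held

    def define_role(self, scope, name, permissions):
        self.roles[(scope, name)] = frozenset(permissions)

    def assign(self, actor, actor_scope, user, scope, role):
        """Grant `role` to `user` in `scope` only if `actor` administers that same scope."""
        if actor_scope != scope:
            raise PermissionError("cross-level or cross-tenant role assignment")
        if not self.check(actor, actor_scope, "role:assign"):
            raise PermissionError("actor lacks role:assign in its scope")
        if (scope, role) not in self.roles:
            raise KeyError(f"role {role!r} is not defined in scope {scope!r}")
        self.assignments.setdefault((scope, user), set()).add(role)

    def check(self, user, scope, permission):
        """A permission holds only through roles defined and assigned in `scope`."""
        held = self.assignments.get((scope, user), ())
        return any(permission in self.roles[(scope, r)] for r in held)


def build_demo():
    # Constructed sample data: two tenants that both define a role named "manager"
    ac = AccessControl()
    ac.define_role(SYSTEM, "admin", {"tenant:create", "role:assign"})
    ac.define_role("acme", "admin", {"role:assign"})
    ac.define_role("acme", "manager", {"invoice:read", "invoice:approve"})
    ac.define_role("globex", "admin", {"role:assign"})
    ac.define_role("globex", "manager", {"report:read"})
    # Bootstrap the first administrator of each scope directly
    for scope, user in ((SYSTEM, "root"), ("acme", "alice"), ("globex", "gina")):
        ac.assignments[(scope, user)] = {"admin"}
    ac.assign("alice", "acme", "bob", "acme", "manager")
    ac.assign("gina", "globex", "greg", "globex", "manager")
    return ac


if __name__ == "__main__":
    demo = build_demo()
    print(demo.check("bob", "acme", "invoice:approve"))     # "manager" in acme
    print(demo.check("greg", "globex", "invoice:approve"))  # "manager" in globex
```

In a real deployment the actor's scope would come from the authenticated session rather than from a caller-supplied argument.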