关键词: 基于角色的访问控制，角色管理，多亲树，角色层次，启发式布局

Abstract: Role-Based Access Control(RBAC) has been widely applied to authorize certain users to access certain data or resources within complex information systems. Several problems are coming about during the application of RBAC models, which include well-representing the role hierarchy, following the constraints applied in user-role assignments and role-role relations, revoking redundant roles and assignments, etc. This paper addressed these problems from the perspective of information visualization to facilitate role management in RBAC, particularly leveraging the experience of trees) visualization. A detailed problem statement was made first,and the data structure of multi-parents tree was defined. Then a multi-parents tree normalization process was proposed to construct a refined role hierarchy for elegant representation. Subsectuently, a two-layered paradigm, the nether for displaying role hierarchy and permissions, and the upper for placing uscrs,was presented for the visualization of role management in RBAC. Additionally,some specific interaction techniques were put forward to visually aid in solving the constraint and redundancy problems.

Key words: RBAC, Role management, Multi parents tree, Role hierarchy, Heuristic layout