外文翻译--Web环境下基于角色的访问控制

基于对象的RBAC权限控制模型在Web系统中的应用随着互联网的不断发展，Web系统已经成为人们日常生活中不可或缺的一部分。

而随着Web系统的快速扩展和用户数量的增加，对于系统安全和权限控制的需求也越来越高。

为了保证Web系统的安全性和可靠性，RBAC（Role Based Access Control）权限控制模型应运而生。

本文将详细介绍基于对象的RBAC权限控制模型在Web系统中的应用。

一、RBAC权限控制模型概述RBAC（Role Based Access Control）权限控制模型是一种基于角色的访问控制模型，其核心思想是将用户的访问权限与其角色进行关联，从而使用户在系统中使用其拥有的角色和权限进行操作。

RBAC权限控制模型是目前应用最广泛、功能最完善的访问控制模型之一，它将用户抽象成角色，将权限抽象成资源，并将角色和资源之间的访问控制进行了明确的定义和规范化。

与其他访问控制模型相比，RBAC权限控制模型具有以下优点：（1）简化了权限管理：RBAC模型将所有用户的权限集中在管理员手中，减少了权限管理的复杂性；（2）提高了系统的安全性：通过RBAC模型的角色与权限授权方式，可以有效限制用户的访问权限，保证系统的安全性；（3）便于扩展：当系统增加新的角色、新的功能或新的用户时，可以很容易地修改权限信息，而不影响原来的权限设置。

二、RBAC模型在Web系统中的实现Web系统是一个复杂的软件系统，具有非常广泛的应用场景。

对于Web系统而言，如何实现RBAC授权管理是非常重要的。

本节将详细介绍RBAC模型在Web系统中的实现。

（1）权限管理Web系统中权限管理一般分为两个部分：页面控制和方法控制。

页面控制主要是指对Web页面的访问进行控制，而方法控制则是指对系统中的方法进行控制。

在RBAC模型中，页面控制的权限由角色直接控制，而方法控制的权限由角色和资源之间的关系控制。

例如，对于系统中的一个方法，我们可以针对某个角色设置是否允许访问该方法，如果该角色未被授予权限，则该方法将无法访问。

文献翻译基于 Web 的分析系统院（系）名称信息工程学院专业名称软件工程英文译文基于Web 的分析系统马克斯科特，约翰琳1 摘要在使用分析型数据库时，分析人员将数据归入公用组，并尝试确定条件变化时产生的结果。

例如，提高产品价格会增加单位利润，但可能会减少销量ù会产生较高还是较低的总利润？或者，联邦贴现率的下降会如何影响房地产贷款的收益？为了帮助分析人员根据历史趋势做出有根据的预测，Microsoft 在SQL Server 2000 中提供了分析服务，在SQL Server 7.0 中提供了OLAP 服务。

这些服务都提供OLAP 功能，能够将存储在SQL Server（或任何其他OLE DB 兼容的数据源）上的数据处理成多维数据结构，称为多维数据集。

多维数据集简化了趋势分析和建立实体间交互方式联系的过程。

例如，房地产投资者采用现金流模型来区分一组具有共同特征（如：地产类型、地理位置和利率范围）的贷款，并预测各种事件的影响。

如果贷款提前偿还或者借款人违约，后果将会如何？此类不可预测的事件会如何影响贷款所担保的债券的收益。

从包含几百笔贷款的清单中选择并区分具有分析特征的贷款是需要相当技巧的。

分析服务和OLAP 服务有助于在各组贷款间建立联系，以便分析人员能够建立贷款假设模型。

为了帮助客户的房地产分析人员预测商业抵押证券的业绩，我们的开发小组需要设计一个以各种方式（如：利率、到期期限或地产位置）来简化贷款分类的系统。

其界面应易于学习和使用。

而且，所开发的系统需要在Internet 上进行安全的部署。

为了满足这些要求，开发小组选择了分析服务。

2 在Web上部署Office在选定了后端技术后，开发小组开始制订实现前端界面的计划。

多数金融分析人员使用Microsoft Excel，他们对其界面比较熟悉，感觉也很舒服。

Excel 包括数据透视表服务，能够允许分析人员连接到分析服务数据库。

Excel 的拖放界面提供了对多维数据的简单和直观的访问，并不要求用户进行深入的培训。

A Clear Look at Internal Controls: Theory and ConceptsHammed Arad (Philae)Department of accounting, Islamic Azad University, Hamadan, IranBarak Jamshedy-NavidFaculty Member of Islamic Azad University, Kerman-shah, IranAbstract: internal control is an accounting procedure or system designed to promote efficiency or assure the implementation of a policy or safeguard assets or avoid fraud and error. Internal Control is a major part of managing an organization. It comprises the plans, methods, and procedures used to meet missions, goals, and objectives and, in doing so, support performance-based management. Internal Control which is equal with management control helps managers achieve desired results through effective stewardship of resources. Internal controls should reduce the risks associated with undetected errors or irregularities, but designing and establishing effective internal controls is not a simple task and cannot be accomplished through a short set of quick fixes. In this paper the concepts of internal controls and different aspects of internal controls are discussed. Keywords: Internal Control, management controls, Control Environment, Control Activities, Monitoring1. IntroductionThe necessity of control in new variable business environment is not latent for any person and management as a response factor for stockholders and another should implement a great control over his/her organization. Control is the activity of managing or exerting control over something. he emergence and development of systematic thoughts in recent decade required a new attention to business resource and control over this wealth. One of the hot topic a bout controls over business resource is analyzing the cost-benefit of each control.Internal Controls serve as the first line of defense in safeguarding assets and preventing and detecting errors and fraud. We can say Internal control is a whole system of controls financial and otherwise, established by the management for the smooth running of business; it includes internal cheek, internal audit and other forms of controls.COSO describe Internal Control as follow. Internal controls are the methods employed to help ensure the achievement of an objective. In accounting and organizational theory, Internal control is defined as a process effected by an organization's structure, work and authority flows, people and management information systems, designed to help the organization accomplish specific goals or objectives. It is a means by which an organization's resources are directed, monitored, and measured. It plays an important role in preventing and detecting fraud and protecting the organization's resources, both physical (e.g., machinery and property) and intangible (e.g., reputation or intellectual property such as trademarks). At the organizational level, internal control objectives relate to the reliability of financial reporting, timely feedback on the achievement of operational or strategic goals, and compliance with laws and regulations. At the specific transaction level, internal control refers to the actions taken to achieve a specific objective (e.g., how to ensure the organization's payments to third parties are for valid services rendered.) Internal controlprocedures reduce process variation, leading to more predictable outcomes. Internal controls within business entities are called also business controls. They are tools used by manager's everyday.* Writing procedures to encourage compliance, locking your office to discourage theft, and reviewing your monthly statement of account to verify transactions are common internal controls employed to achieve specific objectives.All managers use internal controls to help assure that their units operate according to plan, and the methods they use--policies, procedures, organizational design, and physical barriers-constitute. Internal control is a combination of the following：1. Financial controls, and2. Other controlsAccording to the institute of chartered accountants of India internal control is the plan of organization and all the methods and procedures adopted by the management of an entity to assist in achieving management objective of ensuring as far as possible the orderly and efficient conduct of its business including adherence to management policies, the safe guarding of assets prevention and detection of frauds and error the accuracy and completeness of the accounting records and timely preparation of reliable financial information, the system of internal control extends beyond those matters which relate to the function of accounting system. In other words internal control system of controls lay down by the management for the smooth running of the business for the accomplishment of its objects. These controls can be divided in two parts i.e. financial control and other controls.Financial controls:- Controls for recording accounting transactions properly.- Controls for proper safe guarding company assets like cash stock bank debtor etc- Early detection and prevention of errors and frauds.- Properly and timely preparation of financial records I e balance sheet and profit and loss account.- To maximize profit and minimize cost.Other controls: Other controls include the following:Quality controls.Control over raw materials.Control over finished products.Marketing control, etc6. Parties responsible for and affected by internal controlWhile all of an organization's people are an integral part of internal control, certain parties merit special mention. These include management, the board of directors (including the audit commit tee), internal auditors, and external auditors.The primary responsibility for the development and maintenance of internal control rests with an organization's management. With increased significance placed on the control environment, the focus of internal control has changed from policies and procedures to an overriding philosophy and operating style within the organization. Emphasis on these intangible aspects highlights the importance of top management's involvement in the internal control system. If internal control is not a priority for management, then it will not be one for people within the organization either.As an indication of management's responsibility, top management at a publicly owned organization will include in the organization's annual financial report to the shareholders a statement indicating that management has established a system of internal control that management believes is effective. The statement may also provide specific details about the organization's internal control system.Internal control must be evaluated in order to provide management with some assurance regarding its effectiveness. Internal control evaluation involves everything management does to control the organization in the effort to achieve its objectives. Internal control would be judged as effective if its components are present and function effectively for operations, financial reporting, and compliance. he boards of directors and its audit committee have responsibility for making sure the internal control system within the organization is adequate. This responsibility includes determining the extent to which internal controls are evaluated. Two parties involved in the evaluation of internal control are the organization's internal auditors and their external auditors.Internal auditors' responsibilities typically include ensuring the adequacy of the system of internal control, the reliability of data, and the efficient use of the organization's resources. Internal auditors identify control problems and develop solutions for improving and strengthening internal controls. Internal auditors are concerned with the entire range of an organization's internal controls, including operational, financial, and compliance controls.Internal control will also be evaluated by the external auditors. External auditors assess the effectiveness of internal control within an organization to plan the financial statement audit. In contrast to internal auditors, external auditors focus primarily on controls that affect financial reporting. External auditors have a responsibility to report internal control weaknesses (as well as reportable conditions about internal control) to the audit committee of the board of directors.8. Limitations of an Entity's Internal ControlInternal control, no matter how well designed and operated, can provide only reasonable assurance of achieving an entity's control objectives. The likelihood of achievement is affected by limitations inherent to internal control. These include the realities that human judgment in decision-making can be faulty and that breakdowns in internal control can occur because of human failures such as simple errors or mistakes. For example, errors may occur in designing,Maintaining, or monitoring automated controls. If an entity’s IT personnel do not completely understand how an order entry system processes sales transactions, they may erroneously design changes to the system to process sales for a new line of products. On the other hand, such changes may be correctly designed but misunderstood by individuals who translate the design into program code. Errors also may occur in the use of information produced by IT. For example, automated controls may be designed to report transactions over a specified dollar limit for management review, but individuals responsible for conducting the review may not understand the purpose of such reports and, accordingly, may fail to review them or investigate unusual items.Additionally, controls, whether manual or automated, can be circumvented by the collusion of two or more people or inappropriate management override of internal control. For example, management may enter into side agreements with customers that alter the terms and conditions of the entity’s standard sales con tract in ways that would preclude revenuerecognition. Also, edit routines in a software program that are designed to identify and report transactions that exceed specified credit limits may be overridden or disabled.Internal control is influenced by the quantitative and qualitative estimates and judgments made by management in evaluating the cost-benefit relationship of an entity’s internal control. The cost of an entity's internal control should not exceed the benefits that are expected to be derived. Although the cost-benefit relationship is a primary criterion that should be considered in designing internal control, the precise measurement of costs and benefits usually is not possible.Custom, culture, and the corporate governance system may inhibit fraud, but they are not absolute deterrents. An effective control environment, too, may help reduce the risk of fraud. For example, an effective board of directors, audit committee, and internal audit function may constrain improper conduct by management. Alternatively, the control environment may reduce the effectiveness of other components. For example, when the nature of management incentives increases the risk of material misstatement of financial statements, the effectiveness of control activities may be reduced.9. Balancing Risk and ControlRisk is the probability that an event or action will adversely affect the organization. The primary categories of risk are errors, omissions, delay and fraud In order to achieve goals and objectives, management needs to effectively balance risks and controls. Therefore, control procedures need to be developed so that they decrease risk to a level where management can accept the exposure to that risk. By performing this balancing act "reasonable assurance” can be attained. As it relates to financial and compliance goals, being out of balance can causebe proactive, value-added, and cost-effective and address exposure to risk.11. ConclusionThe concept of internal control and its aspects in any organization is so important, therefore understanding the components and standards of internal controls should be attend by management. Internal Control is a major part of managing an organization. Internal control is an accounting procedure or system designed to promote efficiency or assure the implementation of a policy or safeguard assets or avoid fraud and error. According to custom definition, Internal Control is a process affected by an entity's board of directors, management and other personnel designed to provide reasonable assurance regarding the achievement of objectives in the following categories namely. The major factors of internal control are Control environment, Risk assessment, Control activities, Information and communication, Monitoring. This article reviews the main standards and principles of internal control and described the relevant concepts of internal control for all type of company.内部控制透视：理论与概念哈米德阿拉德（Philae）会计系，伊斯兰阿扎德大学，哈马丹，伊朗巴克Joshed -纳维德哈尼学院会员伊斯兰阿扎德大学，克尔曼伊朗国王，伊朗摘要：内部控制是会计程序或控制系统，旨在促进效率或保证一个执行政策或保护资产或避免欺诈和错误。

计算机 JSP web 外文翻译外文文献12.1 nEffective web n design involves separating business objects。

n。

and object XXX。

Although one individual may handle both roles on a small-scale project。

it is XXX.12.2 JSP ArchitectureIn this chapter。

XXX using JavaServer Pages。

servlets。

XXX of different architectures。

each building upon the us one。

The diagram below outlines this process。

and we will explain each component in detail later in this article.Note: XXX.)When Java Server Pages were introduced by Sun。

some people XXX。

While JSP is a key component of the J2EE n and serves as the preferred request handler and response mechanism。

it is XXX.XXX JSP。

the XXX that JSP is built on top of the servlet API and uses servlet XXX interesting ns。

such as whether we should XXX in our Web-enabled systems。

and if there is a way to combine servlets and JSPs。

附录附录一：文献资料原文J2EE WEB应用架构分析1、架构概述J2EE体系包括java server pages(JSP) ,java SERVLET, enterprise bean，WEB service等技术。

这些技术的出现给电子商务时代的WEB应用程序的开发提供了一个非常有竞争力的选择。

怎样把这些技术组合起来形成一个适应项目需要的稳定架构是项目开发过程中一个非常重要的步骤。

完成这个步骤可以形成一个主要里程碑基线。

形成这个基线有很多好处：各种因数初步确定：为了形成架构基线，架构设计师要对平台（体系）中的技术进行筛选，各种利弊的权衡。

往往架构设计师在这个过程中要阅读大量的技术资料，听取项目组成员的建议，考虑领域专家的需求，考虑赞助商成本（包括开发成本和运行维护成本）限额。

一旦架构设计经过评审，这些因数初步地就有了在整个项目过程中的对项目起多大作用的定位。

定向技术培训：一旦架构师设计的架构得到了批准形成了基线，项目开发和运行所采用的技术基本确定下来了。

众多的项目经理都会对预备项目组成员的技术功底感到担心；他们需要培训部门提供培训，但就架构师面对的技术海洋，项目经理根本就提不出明确的技术培训需求。

怎不能够对体系中所有技术都进行培训吧！有了架构里程碑基线，项目经理能确定这个项目开发会采用什么技术，这是提出培训需求应该是最精确的。

不过在实际项目开发中，技术培训可以在基线确定之前与架构设计并发进行。

角色分工：有了一个好的架构蓝图，我们就能准确划分工作。

如网页设计，JSP 标签处理类设计，SERVLET 设计，session bean设计，还有各种实现。

这些任务在架构蓝图上都可以清晰地标出位置，使得项目组成员能很好地定位自己的任务。

一个好的架构蓝图同时也能规范化任务，能很好地把任务划分为几类，在同一类中的任务的工作量和性质相同或相似。

这样工作量估计起来有一个非常好的基础。

运行维护：前面说过各个任务在架构图上都有比较好的定位。

中文5270字毕业设计(论文)外文资料翻译系（院）：专业班级：计算机科学与技术姓名：学号：外文出处： /(用外文写)附件： 1.外文资料翻译译文；2.外文原文。

指导教师评语：外文资料紧扣毕业设计课题，翻译准确、文字流畅、语句通顺，信息量足，能够独立按时完成翻译工作。

签名：年月日注：请将该封面与附件装订成册。

附件1：外文资料翻译译文VBA的开发环境本文主要讨论怎样在VBA开发环境中进行编程，通过对路径、目录以及场景所显示的对象的访问，来对它们进行控制和操作。

代码通过设置和获取它们接口的属性来操作对象，例如，设置窗口的最大化和最小化；代码还可以通过运用接口的方法来操作对象，例如，可以在多线中添加一个点；另外，代码还可以设置一个区域的值。

当一个事件发生时，代码随之而运行。

例如，当用户打开一个文档，点击一个按钮，或是通过修改一个正在编辑的草图来更新数据时，都会引发代码的运行。

在我们学习VBA开发环境之前，我们先来了解一下有关VBA的一些概念。

什么Visual Basic for Application 呢？Visual Basic for Application 是Microsoft Visual Basic 系列的一部分。

Microsoft Visual Basic 系列还包括Visual Basic 开发系统（主要有学习版本、专业版本和企业版本）和Visual Basic 脚本版本（VBScript）。

VBA是一个嵌入式的编程开发环境，它可以帮助开发者借助Microsoft Visual Basic的能力来解决客户端的问题。

开发者通过使用基于VBA的应用，可以自动的延伸应用的函数功能。

缩短开发客户端业务的解决问题的周期性。

Visual Basic、VBA以及VBScript之间的区别是什么？我们什么时候使用其中的一种应用而取代另一种应用呢？Visual Basic是一个用于建立单独的软件部件的标准独立工具，例如，我们可以用它来编辑可执行的程序，COM 部件和动态插件控制。

基于组织的Web服务访问控制模型李怀明;王慧佳;符林【摘要】For the problem of current access control strategies difficultly guaranteeing the flexibility of authorization of complex E-government system for Web service,this paper proposes an organization-based access control model for Web services on the basis of the research of the organization-based 4 level access control model. The model takes organization as the core and studies the issue of access control and authorization management from the perspective of management. Through importing the position agent and authorization unit in the model,the authorization can be adjusted according to the change of the environment context information to implement the dynamic authorization,while taking advantage of the state migration of authorization units,provides support for workflow patterns. Furthermore,the model divides permissions into service permissions and service attribute permissions, and achieves fine-grained resource protection. Application examples show that the model can commendably fit the complex organization structure in E-government system. Moreover,it can make authorization more efficient and flexible meanwhile protecting the Web service resources.%针对现有访问控制策略难以保障面向Web服务的复杂电子政务系统授权的灵活性问题，在研究基于组织的四层访问控制模型(OB4LAC)的基础上，提出一种基于组织的Web服务访问控制模型。