Role-based Access Control in Educational Administration System

In the 21st century, networked teaching management not only improves quality and efficiency but also brings convenience to teachers and students. However, as a network application system, it also faces a variety of security issues. To improve system security, this paper introduces the widely used RBAC control method. Based on the refinement of system privileges and user roles, the paper puts forward the security management model of "user classification, role authorization, unified management", which is better suited to multi-level application structures because it controls the data range accessible to users, and ultimately achieves the purpose of strengthening the security of the system.


Introduction
In the 21st century, with the rapid development of computers, the widespread use of networks and the growing size of schools, educational administration has become extremely important. A networked model of educational management not only brings convenience to teachers and students but also improves the quality and efficiency of teaching management. Combining the characteristics of current school development, making full use of existing campus network resources, developing an educational management system in line with the school's future development, and further optimizing and improving educational management methods and processes to better serve teaching has important practical significance, and can also promote the school's information technology and digital campus construction. As an important subsystem of the digital campus, the educational administration system is also very important. To solve the traditional security problems of educational administration systems, this paper puts forward a control method based on the widely used RBAC [1]. Through the refinement of system privileges and user roles, the data that can be accessed is controlled, so that the model is more suitable for multi-level application structures. The paper puts forward the security management mode of "user classification, role authorization, unified management", and finally achieves the purpose of strengthening the security access of the system.

RBAC
Role-based access control (RBAC) links users and permissions through roles: permissions are granted directly to roles, and this controls which system operations a user may perform. A "role" is in fact the set of permissions a user can exercise in the system. Once roles are defined, the system can give users different roles so that they obtain the appropriate access. Users have a many-to-many relationship with roles, and roles and permissions are also many-to-many. This mechanism allows the user to hold privileges only through roles.
In the basic structure of RBAC, each user establishes a session (Session) when logging in to the system, and the session activates the user's roles and activates the

System security analysis
The security scheme of the educational administration system is based on role-based access control under the premise of identity authentication, so the system security requirements mainly involve the following aspects:

1) Users and rights management
The system administrator is responsible for managing each user and authority in the system. The specific management functions mainly include creating users and roles, defining and assigning the various operation rights of the system, and granting and revoking roles according to the user's level and responsibility, to ensure that each user can only operate within the authorized, legitimate scope. The system administrator is also responsible for managing the resources and data of the corresponding functions.
2) User authentication
Students, teachers and managers at all levels use their own account number (student number, employee number, etc.) to log in to the system. Only users who pass identity and password authentication at logon can exercise their own privileges in the system.
3) Access control
The web server and database server are deployed on the campus network platform; the system must strictly ensure that each user can only perform operations within their own authority, to ensure system security.

3.1 User role analysis
In the RBAC model, user rights are managed through roles: one role can generally be given to multiple users, and multiple roles can be given to a single user. Every user of the system has a unique identifier (UserID, user name, employee number, student number, etc.) [2] that identifies them in the system. When logging in, the user must first have their identity verified by the authentication module. Only authenticated users can log on to the system, and the system also needs to determine whether the user is already logged in, to prevent the information fraud that duplicate logins can cause. The following are two requirements for the roles in the educational administration system:
1) The roles of the educational administration system are created by the administrator, set specifically according to the school's organizational structure and actual business functions; the system provides a special module to manage users and roles.
2) Each role in the academic management system also has a unique number to identify it, and saves the role's relevant institutional information (such as college, department number), which facilitates the management of roles and authority. in which the role of each role in the system records of the operation of the system resources. At the same time, this table also reflects the system's various business functions.

Object privilege analysis
2) The module functions of the system can be expressed in the form of a function menu, which makes it easy to control whether users with certain roles can add, delete, modify and so on in the function modules of the system.
3) Because of the granularity of role division, each role has a corresponding set of permissions. When a user has more than one role, the user should have all the permissions of all its roles, i.e. the union of the roles' permission sets. The same permission may appear more than once in this union, but this does not affect the total permissions the user has.
4) When the administrator distributes authority in the user function module, the main strategy is to set the user's permissions on the various component objects of a function, such as menus and field properties.
In the basic structure of the RBAC model, the user establishes a session with the system upon login, and the session is responsible for activating all the roles granted to the user. The user holds the roles' authority for the duration of this session. The specific process by which the user obtains system roles while the session is established is shown in Fig. 2.
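The session behaviour described above, combined with the duplicate-login check and the union of role permissions from the earlier sections, as an added Python example that is not code from the paper. The user IDs, role names, permission pairs and the `authenticated` flag (standing in for the authentication module) are assumptions.

```python
from dataclasses import dataclass

# Constructed sample data (hypothetical names, not from the paper).
# Role -> permissions, each an (object, operation) pair on a function menu.
ROLE_PERMISSIONS = {
    "teacher": {("grades", "view"), ("grades", "edit")},
    "counselor": {("grades", "view"), ("students", "view")},
    "student": {("grades", "view"), ("courses", "select")},
}
# User -> roles (many-to-many): T1001 holds two roles.
USER_ROLES = {"T1001": {"teacher", "counselor"}, "S2001": {"student"}}


class DuplicateLogin(Exception):
    """Raised when a user who already has a live session logs in again."""


@dataclass(frozen=True)
class Session:
    user_id: str
    active_roles: frozenset

    def permissions(self):
        # Union of the permission sets of all activated roles; a permission
        # granted by two roles appears once and changes nothing.
        perms = set()
        for role in self.active_roles:
            perms |= ROLE_PERMISSIONS.get(role, set())
        return perms

    def can(self, obj, operation):
        return (obj, operation) in self.permissions()


class SessionManager:
    def __init__(self):
        self._live = {}  # user_id -> Session

    def login(self, user_id, authenticated):
        # `authenticated` stands in for the result of the authentication module.
        if not authenticated:
            raise PermissionError("authentication failed")
        if user_id in self._live:
            raise DuplicateLogin(user_id)
        session = Session(user_id, frozenset(USER_ROLES.get(user_id, ())))
        self._live[user_id] = session
        return session

    def logout(self, user_id):
        self._live.pop(user_id, None)
```

A user with no assigned roles still gets a session, but its permission set is empty, so every `can` check is denied.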
After the user logs in to the system and authentication succeeds, the user obtains the roles and the corresponding authority, and the system determines whether to allow access to the requested resource according to the role privileges [3]. Fig. 5 is a state diagram of user login, reflecting the states the user passes through when logging in to the system. The security scheme of the educational administration system is role-based access control under the premise of identity authentication, so only users who authenticate successfully can hold role privileges and access the corresponding system resources. The authentication function of the educational administration system is realized by the Java security programming interface. The certification process is roughly described as follows: When the user logs in, the system creates the

Although positions and the division of roles are not exactly the same, roles in the system are distinguished by level in the same way as job levels [4]. For example, comparing the school principal in charge of teaching with the system administrator, the role of the system administrator is actually more important in the system than that of the principal, so the system administrator should have greater system privileges; the division of roles reflects these different levels of the hierarchy.
In a school, the users of the educational administration system mainly include: system administrators, departmental administrators, module administrators, teaching management personnel and other management personnel, and general teachers and students. When we divide these users into roles, the strategy is to first split the roles into two different levels:
1) Low-level roles, i.e. general roles: these include ordinary teachers and students. Roles of this class have something in common: their authority is generally fixed and limited, so when authorizing such roles, the fixed authority can generally be granted directly.
2) Senior roles, i.e. special roles: authorization is more flexible; in addition to being granted directly, their authority can also be inherited from other roles' permissions. [5]
Following the above rules, the various roles of the educational administration system are classified (low-level role, senior role); the specific division is as follows:
1) Low-level role: students, general teachers, counselors.
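One way to model the two role levels and the data range control, as an added Python example that is not code from the paper: low-level roles carry only fixed direct permissions, senior roles may also inherit, and the department number saved with a role limits the records it may touch. The role names, permission strings, table layout and the rule that `dept` set to `None` means the whole school are assumptions.

```python
# Constructed role table (hypothetical names, not from the paper). Each role
# stores its level, direct permissions, the roles it inherits from, and the
# department number saved with the role (None = whole school).
ROLES = {
    "student": {"level": "low", "perms": {"timetable:view"},
                "inherits": (), "dept": None},
    "cs_teacher": {"level": "low", "perms": {"grades:enter"},
                   "inherits": (), "dept": "CS"},
    "cs_dept_admin": {"level": "senior", "perms": {"grades:audit"},
                      "inherits": ("cs_teacher",), "dept": "CS"},
    "sys_admin": {"level": "senior", "perms": {"roles:manage"},
                  "inherits": ("cs_dept_admin",), "dept": None},
}


def effective_permissions(role_id, roles=ROLES, _path=()):
    """Direct permissions plus everything inherited from other roles."""
    if role_id in _path:
        # A misconfigured table must fail loudly, not recurse forever.
        raise ValueError("inheritance cycle: " + " -> ".join(_path + (role_id,)))
    role = roles[role_id]
    if role["level"] == "low" and role["inherits"]:
        raise ValueError(f"low-level role {role_id!r} must not inherit")
    perms = set(role["perms"])
    for parent in role["inherits"]:
        perms |= effective_permissions(parent, roles, _path + (role_id,))
    return perms


def is_allowed(role_id, permission, record_dept, roles=ROLES):
    """Allow only if the permission is held AND the record is in data range."""
    if role_id not in roles:
        return False  # unknown role: deny by default
    scope = roles[role_id]["dept"]
    in_range = scope is None or scope == record_dept
    return in_range and permission in effective_permissions(role_id, roles)
```

Inherited permissions take the data range of the role the user actually holds, so `sys_admin` can audit grades school-wide while `cs_dept_admin` is limited to its own department.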

Summary
In the educational administration system, we