Abstract: RBAC model is an access control model which is widely used.However，in RBAC model，privileges are administrated and controlled on role level.A user can not obtain part privileges of a role，and a role can not inherit part privileges of another role.To address the issue，by adding an element called as importance level of privilege in RBAC model，a fine-grained role-based access control model is presented，which is denoted as FGRBAC.The algorithm for solving the set of privileges belonged to a user or a role is discussed.In FGRBAC model，a user can obtain part privileges of a role，and a role can inherit part privileges of another role.RBAC model can be treated as a special case of FGRBAC model.So，the advantages of RBAC model are available in FGRBAC model，FGRBAC model is more flexible and practical than RBAC model.

Key words: RBAC, FGRBAC, importance level of privilege

摘要： RBAC模型是一种被广泛应用的访问控制模型。但是，RBAC模型是在角色级管理和控制权限，不能满足用户获得角色的部分权限和角色权限的部分继承等安全需求。针对这个问题，在RBAC模型中增加权限的重要程度要素，提出了FGRBAC模型（Fine-Grained Role-Based Access Control Model--细粒度的基于角色的访问控制模型），并给出了在FGRBAC模型中求用户权限和角色权限的算法。FGRBAC模型不仅可以使用户获得角色的部分权限、父角色可以继承子角色的部分权限，而且RBAC模型可被看成是FGRBAC模型的一种特例。因此，FGRBAC模型不仅具有RBAC模型的所有优点，而且比RBAC模型具有更好的灵活性和实用性。

关键词: RBAC, FGRBAC, 权限的重要程度