The article proposes a new RBAC-based hybrid permission management model (N2RBAC) that combines hierarchical role control with user business restrictions. The model defines a role's shared permissions, a role's shadow permissions based on hierarchical control, and a user's private business constraints. Compared with traditional RBAC and its revised models, N2RBAC has higher flexibility and wider applicability. It resolves the contradiction between commonality and individuality between roles and users: it not only simplifies user authorization management in the information system, but also allows users with the same role to have different operating restrictions on the same functional modules. The design principles and implementation methods of N2RBAC are discussed in detail. Application practice shows that the model is easy to use, flexible to configure, and can effectively meet the permission management needs of various information systems.