PDM系统中访问控制模型的研究与应用

发布时间：2018-02-09 14:28

本文关键词： PDM 访问控制 RBAC TBAC D-TRBAC访问控制模型　出处：《吉林大学》2015年硕士论文　论文类型：学位论文

【摘要】：PDM（Product Data Management），即产品数据管理，是用来管理所有与产品相关过程和跟产品相关信息的技术。使用PDM系统，有利于企业对产品的全生命周期进行管理，提高产品的生产效率。现在国内PDM系统存在大多数没有自主知识产权，而且没有对特定行业的针对性，所以我们自主研发了针对中小型汽车零部件企业的管理流程与数据的PDM系统。而访问控制技术则是PDM系统正常运行中不可缺少的一部分，本文就是对系统的访问控制进行研究与应用。访问控制主要是根据用户的身份职责信息控制对系统的使用。系统中的操作主要分为对工作流项目的和对系统菜单的。系统中存在很多动态生成并行执行且有各自生命周期的项目，每个项目包含相同或不同的流程，每一份流程又包括一系列的操作。所以对工作流项目的访问控制就是要对每个项目流程下的操作作控制。系统中也包含很多系统菜单，每一个菜单又有多级的操作，对系统菜单的控制就是对每一棵菜单树下的控件作控制。现在常用的访问控制模型主要有基于角色的RBAC模型、基于任务的TBAC模型与对两者的结合基于任务-角色的T-RBAC模型等。由于系统对任务划分较细，，且动态任务的加入使得以上模型在应用时出现如对相同类型的任务权责不明，权限转移不精确等问题。所以本文针对以上问题，结合实验项目的实际需求，对以上模型进行总结改进，设计并实现了D-TRBAC（Dynamic支持动态型）模型。在D-TRBAC模型中，首先将任务细分为动态任务与静态任务，根据任务类型的不同区别进行访问控制。其次在模型中加入了岗位，并建立角色与岗位，角色与任务的关联，建立角色模版，使得角色只作为授权的筛选条件而非授权客体，授权时通过角色模板将权限分配到用户身上，这样就能克服使用角色时引起的上述问题。 D-TRBAC模型即保留了角色的灵活性，又能应对任务的动态性，同时支持动、静态授权，细化了访问控制粒度，而且角色模板的使用也大大地缩减了授权人集，减小了授权的复杂性，能够满足系统对访问控制的要求。
[Abstract]:PDM(Product Data Management, or product data management, is a technology used to manage all product-related processes and product-related information. The use of PDM systems helps enterprises manage the entire life cycle of products. Improving the production efficiency of products. At present, most of the domestic PDM systems do not have independent intellectual property rights, and they are not targeted to specific industries. Therefore, we have independently developed a PDM system for the management process and data of small and medium-sized automobile parts enterprises, and access control technology is an indispensable part of the normal operation of the PDM system. In this paper, the access control of the system is studied and applied. Access control mainly controls the use of the system according to the user's identity, responsibility and information. The operation in the system is mainly divided into workflow items and system menus. There are a lot of dynamic generation and parallel execution in the system. Individual lifecycle projects, Each project contains the same or different processes, and each process includes a series of operations. So the access control of workflow items is to control the operations under each project process. The system also contains a lot of system menus. Each menu has multi-level operation, the control of system menu is to control the control under each menu tree. The commonly used access control models include role-based RBAC model, task-based TBAC model and task-role-based T-RBAC model. And the addition of dynamic tasks makes the above models appear in the application of the same type of tasks such as unclear authority and responsibility, authority transfer imprecise, so this paper aims at the above problems, combined with the actual needs of the experimental project, The above models are summarized and improved, and the D-TRBAC dynamic supporting dynamic model is designed and implemented. In D-TRBAC model, the task is subdivided into dynamic task and static task, and access control is carried out according to different task types. Secondly, posts are added to the model, and the relationship between roles and posts, roles and tasks is established. The role template is established so that the role can only be used as the filter condition of the authorization rather than the object of authorization and the authority is assigned to the user through the role template so as to overcome the above problems caused by the use of the role. D-TRBAC model not only retains the flexibility of roles, but also can deal with the dynamic nature of tasks. At the same time, it supports dynamic and static authorization, and refines the granularity of access control. Moreover, the use of role templates greatly reduces the number of authorized persons and reduces the complexity of authorization. Can meet the system access control requirements.
【学位授予单位】：吉林大学
【学位级别】：硕士
【学位授予年份】：2015
【分类号】：TP309

【参考文献】