本文關(guān)鍵詞： PDM 訪問控制 RBAC TBAC D-TRBAC訪問控制模型　出處：《吉林大學(xué)》2015年碩士論文　論文類型：學(xué)位論文

【摘要】：PDM（Product Data Management），即產(chǎn)品數(shù)據(jù)管理，是用來管理所有與產(chǎn)品相關(guān)過程和跟產(chǎn)品相關(guān)信息的技術(shù)。使用PDM系統(tǒng)，有利于企業(yè)對產(chǎn)品的全生命周期進行管理，提高產(chǎn)品的生產(chǎn)效率�，F(xiàn)在國內(nèi)PDM系統(tǒng)存在大多數(shù)沒有自主知識產(chǎn)權(quán)，而且沒有對特定行業(yè)的針對性，所以我們自主研發(fā)了針對中小型汽車零部件企業(yè)的管理流程與數(shù)據(jù)的PDM系統(tǒng)。而訪問控制技術(shù)則是PDM系統(tǒng)正常運行中不可缺少的一部分，本文就是對系統(tǒng)的訪問控制進行研究與應(yīng)用。 訪問控制主要是根據(jù)用戶的身份職責(zé)信息控制對系統(tǒng)的使用。系統(tǒng)中的操作主要分為對工作流項目的和對系統(tǒng)菜單的。系統(tǒng)中存在很多動態(tài)生成并行執(zhí)行且有各自生命周期的項目，每個項目包含相同或不同的流程，每一份流程又包括一系列的操作。所以對工作流項目的訪問控制就是要對每個項目流程下的操作作控制。系統(tǒng)中也包含很多系統(tǒng)菜單，每一個菜單又有多級的操作，對系統(tǒng)菜單的控制就是對每一棵菜單樹下的控件作控制。 現(xiàn)在常用的訪問控制模型主要有基于角色的RBAC模型、基于任務(wù)的TBAC模型與對兩者的結(jié)合基于任務(wù)-角色的T-RBAC模型等。由于系統(tǒng)對任務(wù)劃分較細(xì)，，且動態(tài)任務(wù)的加入使得以上模型在應(yīng)用時出現(xiàn)如對相同類型的任務(wù)權(quán)責(zé)不明，權(quán)限轉(zhuǎn)移不精確等問題。所以本文針對以上問題，結(jié)合實驗項目的實際需求，對以上模型進行總結(jié)改進，設(shè)計并實現(xiàn)了D-TRBAC（Dynamic支持動態(tài)型）模型。 在D-TRBAC模型中，首先將任務(wù)細(xì)分為動態(tài)任務(wù)與靜態(tài)任務(wù)，根據(jù)任務(wù)類型的不同區(qū)別進行訪問控制。其次在模型中加入了崗位，并建立角色與崗位，角色與任務(wù)的關(guān)聯(lián)，建立角色模版，使得角色只作為授權(quán)的篩選條件而非授權(quán)客體，授權(quán)時通過角色模板將權(quán)限分配到用戶身上，這樣就能克服使用角色時引起的上述問題。 D-TRBAC模型即保留了角色的靈活性，又能應(yīng)對任務(wù)的動態(tài)性，同時支持動、靜態(tài)授權(quán)，細(xì)化了訪問控制粒度，而且角色模板的使用也大大地縮減了授權(quán)人集，減小了授權(quán)的復(fù)雜性，能夠滿足系統(tǒng)對訪問控制的要求。
[Abstract]:PDM(Product Data Management, or product data management, is a technology used to manage all product-related processes and product-related information. The use of PDM systems helps enterprises manage the entire life cycle of products. Improving the production efficiency of products. At present, most of the domestic PDM systems do not have independent intellectual property rights, and they are not targeted to specific industries. Therefore, we have independently developed a PDM system for the management process and data of small and medium-sized automobile parts enterprises, and access control technology is an indispensable part of the normal operation of the PDM system. In this paper, the access control of the system is studied and applied. Access control mainly controls the use of the system according to the user's identity, responsibility and information. The operation in the system is mainly divided into workflow items and system menus. There are a lot of dynamic generation and parallel execution in the system. Individual lifecycle projects, Each project contains the same or different processes, and each process includes a series of operations. So the access control of workflow items is to control the operations under each project process. The system also contains a lot of system menus. Each menu has multi-level operation, the control of system menu is to control the control under each menu tree. The commonly used access control models include role-based RBAC model, task-based TBAC model and task-role-based T-RBAC model. And the addition of dynamic tasks makes the above models appear in the application of the same type of tasks such as unclear authority and responsibility, authority transfer imprecise, so this paper aims at the above problems, combined with the actual needs of the experimental project, The above models are summarized and improved, and the D-TRBAC dynamic supporting dynamic model is designed and implemented. In D-TRBAC model, the task is subdivided into dynamic task and static task, and access control is carried out according to different task types. Secondly, posts are added to the model, and the relationship between roles and posts, roles and tasks is established. The role template is established so that the role can only be used as the filter condition of the authorization rather than the object of authorization and the authority is assigned to the user through the role template so as to overcome the above problems caused by the use of the role. D-TRBAC model not only retains the flexibility of roles, but also can deal with the dynamic nature of tasks. At the same time, it supports dynamic and static authorization, and refines the granularity of access control. Moreover, the use of role templates greatly reduces the number of authorized persons and reduces the complexity of authorization. Can meet the system access control requirements.
【學(xué)位授予單位】：吉林大學(xué)
【學(xué)位級別】：碩士
【學(xué)位授予年份】：2015
【分類號】：TP309

【參考文獻】

相關(guān)期刊論文 前10條

1 劉道斌,白碩;基于工作流狀態(tài)的動態(tài)訪問控制[J];計算機研究與發(fā)展;2003年03期

2 王永,劉秀軍,馬建峰;訪問控制模型分析[J];晉中師范高等�？茖W(xué)校學(xué)報;2002年02期

3 徐偉,萬立;PDM系統(tǒng)中產(chǎn)品結(jié)構(gòu)模型的研究[J];計算機輔助設(shè)計與制造;1999年01期

4 金瓊t$,楊樹堂,蔣興浩,李建華;基于T-RBAC的企業(yè)權(quán)限管理方法[J];計算機工程;2004年19期

5 程男男;楊波;;一種帶有信任度的基于角色的信任管理模型[J];計算機應(yīng)用研究;2006年01期

6 萬立,關(guān)衛(wèi)林,熊體凡,劉清華;PDM權(quán)限管理模型的研究與實現(xiàn)[J];機械與電子;2005年01期

7 曹天杰,張永平;基于角色訪問控制的總體設(shè)計[J];計算機應(yīng)用與軟件;2001年08期

8 馮俊;王箭;;一種基于T-RBAC的訪問控制改進模型[J];計算機工程;2012年16期

9 楊宗凱;李琴;肖宇;許煒;;T-RBAC模型在ERP系統(tǒng)中的研究與實現(xiàn)[J];計算機技術(shù)與發(fā)展;2007年01期

10 譚支鵬;基于角色的工作流模型及其應(yīng)用[J];小型微型計算機系統(tǒng);2003年06期

相關(guān)博士學(xué)位論文 前1條

1 羅鑫;訪問控制技術(shù)與模型研究[D];北京郵電大學(xué);2009年

本文編號：1498140