Research and Application of Access Control Models in PDM Systems
Keywords: PDM; access control; RBAC; TBAC; D-TRBAC access control model. Source: Jilin University, 2015 master's thesis. Document type: degree thesis.
[Abstract]: PDM (Product Data Management) is the technology used to manage all product-related processes and product-related information. A PDM system helps an enterprise manage the full life cycle of its products and improves production efficiency. Most domestic PDM systems currently lack independent intellectual property rights and are not targeted at any specific industry, so we independently developed a PDM system for the management processes and data of small and medium-sized automobile parts enterprises. Access control is an indispensable part of the normal operation of a PDM system, and this thesis studies and applies access control for that system.

Access control governs use of the system according to each user's identity and responsibilities. Operations in the system fall into two groups: operations on workflow projects and operations on system menus. The system contains many projects that are generated dynamically, execute in parallel, and have their own life cycles. Each project contains the same or different processes, and each process consists of a series of operations, so access control for workflow projects means controlling the operations under each project's processes. The system also contains many system menus, each with multiple levels of operations, so access control for system menus means controlling the controls under each menu tree.

Commonly used access control models today include the role-based RBAC model, the task-based TBAC model, and the task-role-based T-RBAC model that combines the two. Because the system divides tasks finely and introduces dynamic tasks, applying these models leads to problems such as unclear rights and responsibilities for tasks of the same type and imprecise transfer of permissions. To address these problems, and in line with the actual needs of the experimental project, this thesis summarizes and improves on the above models, and designs and implements the D-TRBAC model (the "D" stands for Dynamic, meaning support for dynamic tasks).

In the D-TRBAC model, tasks are first subdivided into dynamic tasks and static tasks, and access control is applied differently according to the task type. Second, posts are added to the model, associations are established between roles and posts and between roles and tasks, and role templates are created. As a result, a role serves only as a filter condition for authorization rather than as the object of authorization, and at authorization time permissions are assigned to users through the role template, which overcomes the problems above that arise when roles are used.

The D-TRBAC model retains the flexibility of roles while also coping with the dynamic nature of tasks. It supports both dynamic and static authorization and refines the granularity of access control. The use of role templates also greatly shrinks the set of authorized persons and reduces the complexity of authorization, so the model can meet the system's access control requirements.
[Degree-granting institution]: Jilin University
[Degree level]: Master's
[Year degree granted]: 2015
[Classification number]: TP309