Research And Implement Of Permission Control RBAC-based In PDM

PDM (Product Data Management) is a technology to manage the product-related information and process. Based on the study and research of PDM in Dalian Passenger Company, this paper proposes a new permission control model in PDM by analyzing the demands and deficiency of traditional permission control in PDM.Firstly, the paper introduces the research background of permission control in PDM and analyzes the deficiency of home and abroad research. Then through discussing related theory of permission control and RBAC (Role-Based Access Control) technology, it puts forward that RBAC-based permission control in PDM is the research point.Secondly, the paper analyzes and studies the demand and the objects of permission control in PDM, bringing forward the concept of function permission and entity permission and establishing a permission control model in PDM through setting up user dynamic constraint to enhance authorization flexibility, adding priority of role authorization and role inheritance to avoid authorization conflict, subdividing objects to configure different permissions to different objects. The model applies RBAC theory, integrating the advantage of it and making more innovation. By analyzing the practical mechanism deeply from the point of adding user dynamic constraint, adding priority to role authorization and role inheritance and subdividing objects, it suggests a feasible project of the model.Thirdly, the system hierarchy structure is analyzed by the object-oriented method and is divided into interface layer, business logical layer and data access layer according to hierarchical idea. It uses the unified interface to exchange data between these layers. The system data model is build based on SQL Server 2005 database system and ADO.NET 2.0 is applied in the data access. The system is programmed by object-oriented program language C# 2.0.Finally, the paper develops the whole permission control system applying the research and the theory. After omnidirectional testing, it shows that this system is strict and flexible in authorization, avoiding exceeding the authority effectively, implementing security control to one data cell, adding the granularity of data access, ensuring data security and can meet the needs of practice perfectly.