| Product Data Management is an integrated technology to manage product-related datum and process. Security concern of PDM system is stressed since the application of PDM system in manufacture company becomes popular. How to control the access of product data in the collaboration environment is critical in the research and application of PDM system. Based on the research and development of AVIDM system, this article makes improvement of the current access control model after analyzing the requirement of its access control.This article discusses the importance of access control in PDM systems, and shows the research status of access control and fundamental theories --- DAC(Discretionary Access Control), MAC(Mandatory Access Control), RBAC(Role-Based Access Control), RuleBAC(Rule-Based Access Control), TBAC(Task-Based Access Control).Moreover, the use of access rule in AVIDM system is analyzed. Giving the limitation of hard-coded access rule widely used across the system, this article proposes a form of configurable rule which model rules by subject constraints and object constraints, and designs a configurable-rule-based access control model. Also, formal description of rules by RuleML is provided to make rule definition in AVIDM flexible and scalable.Finally, this article introduces the workflow subsystem in AVIDM. In order to leverage the active characteristic of active security model to solve the problems existing in access control of workflow system, this article designs a task-based access control model of workflow system. In this model, activity and activity transition are both considered as context information of permission assignment, thus permission set owned by subject is capable of changing with the activity or activity transition. The implementation and application of this model has proved that it can satisfy the need for dynamic permission assignment in workflow system. |
PDF Full Text Request