Hierarchical Access Control Design And Implementation Of Enterprise Information Systems

With the development of the Internet and Intranet, the enterprise information administrative systems have gotten more attention and are being used more as applications. The security of the system is critical to its implementation due to confidentiality and sensitivity of the data involved.The current development of large-scale enterprise information system and its permission administration are described in this paper. The current popular data access methods as well as their improvement is also analyzed and compared in detail.Based on the role access control and the organizing structure of enterprises, a relatively universal permission system is designed for data access control, which provides a framework solution for its application in the enterprises.In respect of module operation control, the hierarchical data access control is proposed to restrict the user's operation in accordance with the structure of enterprises, which turns the original permission system that can only be controlled by module operation into one that is controlled by the combination of access level and its operation. The advantage is to administrate the data access for users according to their position in the enterprises.A method that uses hierarchical model to control user's query result set is designed for data query control, which filters the query result set according to different permissions that user owns to access the business object, and show what is available to users. By doing that it protects the information in the better way.To make the hierarchical permission system more flexible and practical, discretionary access control for reference is used to design the function of data sharing, which allows the user to share information with each other. Setting different permissions to different the user ensures the information security.In the Heineken sales administrative system, the author has put the above designs into practice. Now the whole system is in a good state. The methods of all these realization are expatiated in the paper.The practice of Heineken sales administrative information system has indicated that the hierarchical permission system boasts an excellent practical value in the large enterprise information system due to its higher security and stricter data access.