| Product Data Management System which we call PDM system for short, is thepreferred platform for many manufacturing industry to reduce the cost of productdevelopment, and improve the competitiveness of enterprises. As the core technologyof PDM system, privilege management mechanism, is mainly used for the protectionof the legitimate use of system resources, preventing the illegal user access tolegitimate users of ultra viers illegal intrusion and other illegal activities. Moreover, itis powerful in guaranteeing the effective and safe operation of PDM system.But along with the continually expanding of enterprise scale, sharp increasing inthe number of users, complex resources and organization structure, business processflexibility, a series of problems emerged in an endless stream. for example,authorization is complex, the granularity of access control is not detailed enough,therefore. Higher request to the rights management mechanism in PDM system is putforward.This topic is based on PDM system and the actual business needs of cooperativeenterprises, and the common problems are the starting point for development andapplication of rights management mechanism in PDM system. Firstly, according to thefeatures of PDM system based the combination of static and dynamic authorizationand the combination of role and task, we proposed the ET-RBAC privilegemanagement model which mixes together the advantages of existing model and thesolution of above key issues. The proposed model is based on the T-RBAC model, anduse "separation of the three powers" strategy to contain the system administratorwithout constraints with new auditor role, security officer role; the new concept"structure" which denotes the user attributes constructs an image of enterpriseorganization structure; at the same time, we fine granularity of access control, dividethe task into active and passive task, and divide permissions into data level permissions and entity level permissions. In general, the model draws the advantages of existingmodel, and eliminates its limitations. The authorized management become safer andmuch more detailed and simple. PDM rights management mechanism is developed onthe platform of Windows operating system, moreover, C#language and Oracledatabase are used also.Finally, the mechanism has been run in cooperative enterprises, verifying therequirements of PDM system in privilege management. Authorization and accesscontrol function can be executed correctly, the system resources are protectedeffectively, and good user experiences are also brought. |
PDF Full Text Request