Research And Application Of Access Control Model In Product Data Management System

PDM (Product Data Management)is a technology used to manage allproduct-related processes and product-related information. Using it is beneficial forcompanies to manage the whole life cycle of the product, and can help them improvethe productivity.As the PDM systems domestic now have no independent intellectualproperty rights almost, and are not used for specific-industry, we autonomouslydevelop a PDM system for small and medium parts business which manage both dataand process. The access control technology is a necessary part of the PDM system,thispaper is the research and application to control access of the system.Access control mainly controls what users can operate in the system due to theiridentity and duty information. The operation of the system is on project work-flow andsystem menu. There are many projects which are generated dynamically,educatedparallel and have their own life cycle, each of them contains same or differentprocesses,every process also includes a series of operations. So access control to theproject’s work-flow is to control the operation on each project’s processes. The systemalso contains a lot of system menus, each menu have multi-stage operations,the accesscontrol to system menu is to control the controls of the menu tree.The commonly used access control models now are the role-based RBAC model,the task-based TBAC model and the task-role based T-RBAC model. Since tasks of thesystem are delicate, and the in of dynamic task makes some problems when using theabove models,for example the responsibility to the same type of task is not clear,andpermission transferred is not accurate. Therefore, this paper designed theD-TRBAC(Dynamic support for dynamic type) model according the aboveproblems,combining the actual needs of the project.In the D-TRBAC model, firstly the task is divided into dynamic task and statictask,it can control the access separately according to different task type. Secondly themodel adds post, and makes the relation between role and post,role and task, establishes the role template, so that the role is only the filter condition of authorizingrather than the real objects, we can assign permissions to users through the roletemplate.Then it can overcome the above problems caused by the use of role.The D-TRBAC model retains the flexibility of the role,also can deal with thedynamic nature of the task,supports both dynamic and static authorization, details theaccess control granularity, and greatly reduces the authorized user set and thecomplexity of authorization by using role template.It can meet the system’srequirement of access control.