Research On And Application Of The Multi-factor Configurable Data Authority For SaaS

Data access is a fine-grained access control technology, and it is used to control different type of subjects which use the same function to see different data. The existing data right solutions do not have a unified method, Generally, it is controlled by hard coding which has strong invasion and inflexible configuration, particularly in the Software as a Service(SaaS) model lacks research on data access control. Since the SaaS software has some different characteristics than those of the traditional software, such as highly concentrated data and customized tenants etc., the existed data access control methods applying on the SaaS mode will result in many shortcomings, such as tenants cannot achieve customizable features and managing multiple data access SaaS applications data access cannot be unified. In order to solve these problems, this thesis has mainly done the following work:(1) Establishing a data access system model which is suitable for SaaS model. In the first part of the thesis, the solution of the existing data access control has been studied. On the basis of the research, their respective shortcomings are analyzed. According to the characteristics of SaaS model, combined with the requirements put forward by the Multi-application, Multi-tenant, and Multi-factor(3M) Data Platform, the "4+1" view method is used to analyze and establish the system framework of data access system model.2. Studing the key problems of data access system. Frist, analyze and select the data storage method under the multi-tenant and multi-application scene. Then summarize the factors that affect the data access. Using the SQL injection method to control the relational database data access and using the data set filtering method to control non-relational database data access. Use the aspect oriented programming method to solve the problems of SaaS application using data access system. On the issue of configurable a data exchange, a method based on JavaScript Object Notation(JSON) is introduce, which make it practicable in multi SaaS application environment, and also more reasonable and simpler in the design of data access configuration.3. Designing and implementing data access system, and testing the data access system. Using the above research to establish data access system, the class diagram and UI design are presented. Three SaaS applications and a number of tenants and users are used to test the system. The experiments show that the data access control center can manage multiple SaaS applications with data authority of different tenants. And using data access control center, the amount of source code used for data access can be greatly reduced, and the development speed of SaaS applications can be increased.