Research And Application Of Permission Management Model In The Product Lifecycle Management

Product Lifecycle Management system which we all call PLM system for short, is now widely used in the information management of the enterprise. The complete rights management in the PLM can guarantee the safety of enterprise resources and operation, to make various departments efficiently achieve every business together. However, the enterprise scale expanding has made the enterprise organization structure, resources, and business process more complex. At the same time, the rights management triggers a series of problems, such as, manual authorization is too trival, rough granularity permissions, authorization is not flexible. So the design of access control model becomes the key to study.First of all, based on the background of a certain enterprise development of PLM system, the paper analyzes the permissions management requirements for PLM system in a certain enterprise, in the view of subject, object, authorization and permissions,which are the the basic elements of he permissions management model. Then the paper summarizes permissions management model design principle of the enterprise, which foreshadowed for the research of permissions management model.Secondly, Through the analysis of the four classical rights management model, according to the need of PLM rights management, the paper puts forward a kind of multiple constraints direct permissions management model based on User-Roleprocess.The model introduces in attributes and relationship constraints, and put forward a kind of collision detection algorithm based on set, ensuring the correctness of the authorization; And roles are subdivided to reduce the complexity of the authorization; The direct authorization of users, roles and processes, has realized the flexible authorization; Permissions are subdivided into functional permissions and substantive permissions, and according to different tasks, substantive permissions are divided into the folder permissions and process state permissions, realizing fine granular permissions management; The model puts forward the concept of task file, setting the role or user for tasks folder permissions to ensure that users can successfully execute tasks and task data security; And it also puts forward the user-temporary role, temporary role-process and process-permissions automatic dispatching strategy, improving the efficiency of the authorization. Finally an example verifys the correctness of collision detection algorithm and the quickness of three kinds of authorization policy.Thirdly, acorrding to the permissions management requirements for delegation, a kind of constrained delegation model based on attribute- conditions is put forward. It adds attribute and six condition constrains to improve the controllable of delegation. Then analyzing three kinds of conflicts generated in the process of delegation, and algorithm through querying data table is put forward, efficiently detectting the three kinds of conflicts. And it is verified by an example.Finally, the direct authorization model and delegated authorization mode are realized on the windows system by using c # and SQL. Then they are applied to the enterprise development of PLM system. It proves the practicability of the two models, and achieve the authorization of simple, flexible, fine-grained requirements management.