Research And Application Of Access Control Technology In Product Data Management System

Product Data Management system,as the current mainstream data management software,mainly stores,manages,analyzes,and shares product-related data in the enterprise.With the increase of the functions of PDM systems,the resources for management have been becoming wider and wider,and the attributes of the subject and the object have been becoming more and more complex.Therefore,the requirements for access control of enterprises have been getting higher and higher.At present,the access control model adopted in most PDM systems can no longer meet the requirements of dynamic authorization and fine-grained control.Therefore,based on the PDM project independently developed by a company,this paper proposes a role-based approach based on the actual needs of the electrical enterprise.The Role and Attribute-Based Double-Centric Access Control model has been studied and applied to this model.The main work includes the following aspects:(1)The access control requirements analysis and architecture and functional module design of PDM system.First,the PDM system and the access control principle are briefly described.Then,based on the background of the PDM system developed by the enterprise,the functional requirements and non-functional requirements of the access control are analyzed respectively,and the twelve design principles of the access control models are summarized.Finally,the access control architecture and function modules are designed.(2)The design of DC-RABAC Model.Based on the introduction,analysis and comparison of the advantages and disadvantages of traditional access control models,a dual-core access control model based on roles and attributes is designed according to the requirements of PDM system.This model maintains the flexible and simple advantages of RBAC model.At the same time,the concept of attributes and policies is introduced to achieve dynamic authorization and fine-grained control.It proposes the attribute dynamic and static characteristics,adds the attribute description to the role and defines the user-attribute-role automatic allocation rule and entrustes user-temporary policy automatic granting rules to achieve automatic authorization;permission and strategy collaborative authorization mechanism is proposed,so as to achieve flexible and efficient access control.Finally,an example is given to verify the effectiveness of the model in data security management of PDM system.(3)The conflict detection and resolution in DC-RABAC Model.By analyzing the security requirements of access control model with correctness,security and completeness,this paper defined the relationships constraints among elements and elements in the access control model and designed the conflict detection and resolution algorithm.Finally,an example was given to verify the feasibility of the conflict detection and resolution algorithm.(4)Implementation of the access control model in PDM System.the DC-RABAC model was developed with C# and SQL sever and other tools in the Windows system,and was seamlessly integrated with the independently developed PDM system.Through the operation examples of user management,role management,authorization management and other modules,the practicality of the model and its dynamic,flexible and fine-grained access control were verified.