Abstract
To meet the access control requirements of workflows in product lifecycle management (PLM) systems, an access control model based on the Role Based Access Control (RBAC) model was proposed to implement co-authorization by the Workflow Management System (WfMS) and the PLM system. The PLM system manages enterprise information such as documents and users and performs static authorization on it. To implement dynamic authorization within a process and to prevent process deadlock and privilege leakage, an object group based on the process instance was introduced to contain the data used in the process. In addition, the model allows authorization to be granted at three levels: process, activity, and object group. Permissions at each level can be inherited and redefined. This not only makes authorization easier for administrators but also increases authorization flexibility and refines authorization granularity.
Source
Computer Integrated Manufacturing Systems (《计算机集成制造系统》)
EI
CSCD
Peking University Core Journal (北大核心)
2005, Issue 10, pp. 1367-1371 (5 pages)
Funding
Supported by the National 863/CIMS Program (2002AA4Z3310, 2003AA411022)