【作者】 李琴；

【导师】 杨宗凯；

【作者基本信息】 华中科技大学 ， 通信与信息系统， 2006， 硕士

【摘要】 近年来印刷ERP系统不断发展。印刷企业任务多样化这一特点使得印刷ERP系统功能繁杂、用户众多。随着企业规模的扩大、职责分工的细化,印刷ERP系统容易产生用户职权不明、数据资源安全性差等问题。这是反复困扰软件开发者的主要问题。解决这些问题的根本途径在于能够灵活、方便地为不同级别的用户赋予不同的操作权限。本文围绕自主研发的印刷ERP系统——印刷行业管理解决方案(Printing Industry Management Solution,PIMS),讨论权限管理模块的分析、设计和实现。PIMS系统使用动静结合的权限管理方法,统一、可靠地保障系统安全。文章首先研究几种常用的访问控制模型,分析它们各自的优缺点。与自主访问控制模型和强制访问控制模型相比,基于角色的访问控制模型引入角色的概念,较好地解决了印刷ERP系统中用户数量众多、变动频繁的问题,仍在角色继承、模型动态性和控制算法等方面存在不足。基于任务的访问控制模型基于工作流建模,却忽略角色概念。基于任务和角色的访问控制(Task-Role-Based Access Control,T-RBAC)模型引入角色与任务的概念,较好地解决了模型的动态性和角色的生命周期约束问题。本文提出基于T-RABC模型的企业权限管理方法,设计、开发了与Web应用系统配合的授权工具和工作流程引擎等,实现了PIMS系统的权限管理。文章最后以订购单子功能为例,详细分析PIMS系统中T-RBAC模型的应用。PIMS系统已在东莞某印刷企业投入使用。它灵活方便,通过动静结合的权限管理方法,切实解决了印刷ERP系统职权不明、访问控制困难等问题,提高了企业的生产效率和整体竞争力。更多还原

【Abstract】 The printing ERP system has been developing in recently years. Printing tasks are always different. This feature makes printing ERP system have complicated functions and many users. Printing ERP system classifies users by different levels, both the parallel relationship and the subordinate affiliation. With the expansion of enterprise and the division of responsibilities, some problems have been broken out, such as chaos of responsibilities and insecurity of data resources. The fundamental way to solve these problems which trouble software developers is to authorize different users flexibly.Printing Industry Management Solution (PIMS) is an independently developed printing ERP system. The thesis discusses how to analyze, design and implement the privilege management module of PIMS. PIMS system use static and dynamic privilege management method to guarantee system security reliably.At first the thesis studies several different access control models, analyzing the advantages and disadvantages of them. Compared to Discretionary Access Control model and Mandatory Access Control model, Role-Based Access Control model uses the conception of role to solve the huge number and frequent change of users in ERP systems.But it still has some disadvantages. Task-Based Access Control model is based on workflow, but ignoring role. T-RABC (Task-Role-Based Access Control) model imports the conception of role and task, and solve the dynamic characteristic of models and the lifecycle of roles. The thesis proposes an enterprise privilege management method, implementing the static and dynamic access control in PIMS system by authorize tool, workflow engine, Web UI etc. At the end of the thesis, it uses purchase order as an example to elaborate the application of T-RABC model in PIMS.PIMS system has been deployed in a printing industry in Dong Guan. It uses static and dynamic privilege management method, resolving lots of management problems such as chaos of responsibilities, difficulties in access control and so on. PIMS system increased the production efficiency and competitiveness of printing enterprise.更多还原