Li Dequan, Ruan Yuzhi, Yang Runzhi, et al. Privilege management model based on RBAC for meteorological data resource service. J Appl Meteor Sci, 2012, 23(5): 614-623.

Privilege Management Model Based on RBAC for Meteorological Data Resource Service

  • In recent years, Role-Based Access Control (RBAC) has been a popular privilege management model at home and abroad, with distinct advantages over traditional access control technologies such as MAC and DAC. The basic principle of RBAC is to introduce the concept of a role between user and privilege: privileges are granted to roles, and roles are in turn granted to users. However, RBAC still has limitations when applied in the meteorological department of CMA, with fine-grained data access control and distinct definition. To meet the growing demand for data sharing, a novel access control management model must be built. According to the requirements and characteristics of meteorological data sharing, a model improved from RBAC is proposed as a general solution for data-sharing privilege management and multi-dimensional data-sharing privilege management.

    As a shared data resource, meteorological data have a large number of classifications, a complex hierarchical structure, and a very fine retrieval granularity. In consideration of these characteristics, the model introduces the concept of target object dimensions into RBAC, on the basis of more flexible rights management mechanisms and a calculation formula, which improves the security and flexibility of the data sharing services. The model decomposes the fine-grained access privileges on resources by object dimension and realizes access control at different levels, from coarse-grained to fine-grained. The model can authorize not only the role but also the user directly, which greatly improves flexibility and scalability.

    The model has been developed as a re-pilot study in the China Integrated Meteorological Information Sharing System (CIMISS), which is a key project and a practical application of the operational systems of the meteorological department. A prototype system is built to verify this model. Its deployment helps manage data retrieval and information access, simplifies data authorization and the maintenance management process, and improves data security. The model supports the general security framework of meteorological database information services, which prevents unauthorized users from accessing data. As a result, high stability and good security of the simple privilege management model are achieved, and security management information systems based on this model will play an important role in meteorological data service in future operations.
  • Fig 1. Multi-dimensional role access control model for data resource

    Fig 2. Multiple properties of data resource

    Fig 3. Concept of target object dimension

    Fig 4. Hierarchy of station property for data source

    Fig 5. Framework of multi-objective dimension access controls

    Fig 6. E-R model of multi-objective dimension access controls

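    Table 1  Description of the rights management database

    | Table name | Description | Key fields |
    | --- | --- | --- |
    | Users | Records basic information on system users | userID: user ID; groupID: ID of the group the user belongs to |
    | Roles | Records role information | rolesID: role ID; rolesName: role name; rolesDesc: role description |
    | UserRoles | Stores the relationship data between users and roles | UserRolesID: user-role association ID |
    | Groups | Records information on the groups users belong to | groupID: group ID; groupName: group name; groupParentID: group ID of the parent node |
    | UserGroup | Stores the relationship data between users and groups | UserGroupID: user-group association ID |
    | GroupRoles | Stores the relationship data between departments and roles | GroupRolesID: group-role association ID |
    | SubRoles | Mapping between the role components of each object dimension and roles | subRoleID: role-dimension role component association ID |
    | DimensionRoles | Stores the relationship data between roles and privileges for each dimension | dimenRolesID: dimension role component ID; dimenRolesName: dimension role component name; dimensionID: ID of the dimension it belongs to |
    | Privilege | Records the specific privileges on data resources | privilegeDataID: privilege value ID; privilegeDesc: privilege description |
    | DataResource | Records details of data resources: name, category, address, etc. | dataResourceID: resource ID; dataResName: resource name; dataResCategory: resource category; dataFileType: resource file type |
    | Operations | Records specific operation information, e.g. add, modify | operationID: operation ID; operationName: operation name |
    | Dimensions | Records the definitions of object dimensions | dimensionID: ID of the dimension it belongs to; semanticDesc: description of the dimension's application scenario; hierarchyXMLFile: XML file of the object dimension hierarchy |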
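
The sketch below is an added example, not code from the paper or from CIMISS. It shows how an access check could be built on the Table 1 entities so that a privilege is decomposed by object dimension and can be granted to a role, a group, or a user directly. The table names come from Table 1; the station and category hierarchies, role names, users, and the rule that a single grant must cover every dimension in the request are constructed assumptions, since the paper's calculation formula is not reproduced on this page.

```python
# Added illustration, not the paper's code. Names follow Table 1; the data and
# the "every requested dimension must be covered" rule are assumptions.
# Stand-in for Dimensions.hierarchyXMLFile: child -> parent per object dimension.
HIERARCHY = {
    "station": {"54511": "Beijing", "Beijing": "China",
                "58362": "Shanghai", "Shanghai": "China"},
    "category": {"SURF_HOURLY": "SURF", "UPAR_TEMP": "UPAR"},
}
# DimensionRoles: dimenRolesID -> (dimensionID, granted hierarchy node)
DIMENSION_ROLES = {
    "d_bj": ("station", "Beijing"), "d_cn": ("station", "China"),
    "d_surf": ("category", "SURF"), "d_upar": ("category", "UPAR"),
}
# Role -> (dimension role components via SubRoles, permitted Operations)
ROLES = {
    "beijing_surface_reader": ({"d_bj", "d_surf"}, {"read"}),
    "national_upper_air": ({"d_cn", "d_upar"}, {"read", "download"}),
    "station_only": ({"d_cn"}, {"read"}),  # no category component
}
USER_ROLES = {"alice": {"beijing_surface_reader"}, "bob": {"station_only"}}
USER_GROUP = {"alice": "forecast_office"}
GROUP_ROLES = {"forecast_office": {"national_upper_air"}}
# Direct user authorization, in the same shape as a role grant
USER_GRANTS = {"carol": [({"d_cn", "d_surf"}, {"read"})]}


def covers(dimension, granted, requested):
    """True if `granted` is `requested` itself or one of its ancestors."""
    node = requested
    while node is not None:
        if node == granted:
            return True
        node = HIERARCHY[dimension].get(node)
    return False


def grant_allows(grant, operation, target):
    components, operations = grant
    if operation not in operations or not target:
        return False
    granted = [DIMENSION_ROLES[c] for c in components]
    # Default deny: one grant must cover every dimension named in the request.
    return all(any(d == dim and covers(dim, node, value) for d, node in granted)
               for dim, value in target.items())


def is_authorized(user, operation, target):
    roles = USER_ROLES.get(user, set()) | GROUP_ROLES.get(USER_GROUP.get(user), set())
    grants = [ROLES[r] for r in roles] + USER_GRANTS.get(user, [])
    return any(grant_allows(g, operation, target) for g in grants)
```

Because each grant is evaluated on its own, components from different roles are never combined: a user holding a Beijing surface role and a national upper-air role still cannot read Shanghai surface data.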
    • Received : 2011-11-09
    • Accepted : 2012-05-29
    • Published : 2012-10-30
