Privilege Management Model Based on RBAC for Meteorological Data Resource Service
Abstract (translated from the Chinese): Building on the traditional role-based access control (RBAC) model, and combining the characteristics of meteorological data with the privilege-control requirements of shared services, this paper proposes a multi-dimensional privilege management model suited to the management of meteorological data. The model takes full account of the features of meteorological data when shared as a resource: many data categories, complex hierarchical structures, and differing retrieval granularities. It introduces the concept of object dimensions and a more flexible privilege management mechanism, and thus meets the requirements for building data-sharing service systems in meteorological departments. As a preliminary experimental study for the data-service privilege control model of the China Integrated Meteorological Information Sharing System (CIMISS), a multi-dimensional data privilege management prototype system was built for data access control. As a general model, it can be extended to meteorological data service applications, and it is of great significance for ensuring database information security, preventing users from accessing data beyond their authority, and guaranteeing the normal operation of management information systems.

Abstract (English): In recent years, Role-Based Access Control (RBAC) has become a popular privilege management model at home and abroad, with a distinct advantage over other traditional access control technologies such as MAC and DAC. The basic principle of RBAC is to introduce the concept of a role between user and privilege: the role is endowed with authority, and the user is endowed with the role. However, RBAC still has its limitations when it comes to applications in the meteorological departments of CMA that require fine-grained data access control and distinct definitions. To meet the growing demand for data sharing, a novel access control management model must be built. According to the requirements and characteristics of meteorological data sharing, a model is proposed as a general solution for data-sharing privilege management and multi-dimensional data-sharing privilege management, improved from the RBAC model. As a shared data resource, meteorological data have a large number of classifications, a complex hierarchical structure, and a very fine retrieval granularity. In consideration of these characteristics, this model introduces the concept of targeted object dimensions into RBAC, on the basis of a more flexible rights management mechanism and calculation formula, which improves the security and flexibility of the data sharing services to meet the needs. The model decomposes the fine-grained access privileges of resources by object dimension, and realizes access control at different levels from coarse-grained to fine-grained.
The model can authorize not only the role but also the user directly, which greatly improves flexibility and scalability. The model has been developed as a preliminary pilot study in the China Integrated Meteorological Information Sharing System (CIMISS), which is the key project and the practical application of operational systems in the meteorological department. A prototype system is built to verify this model. Its deployment helps to manage data retrieval and information access, simplifies data authorization and the maintenance management process, and improves data security. The model supports the general security framework of meteorological database information services, which prevents unauthorized users from accessing data. As a result, high stability and good security of this simple privilege management model are achieved, and security management information systems based on this model will play an important role in meteorological data services in future operations.
Key words:
- RBAC;
- privilege management model;
- multi-objective dimension;
- data sharing
Table 1 Description of the rights management database tables

| Table name | Description | Key fields |
|---|---|---|
| Users | Basic information about system users | userID: user ID; groupID: ID of the group the user belongs to |
| Roles | Role information | rolesID: role ID; rolesName: role name; rolesDesc: role description |
| UserRoles | User-role relationship data | UserRolesID: user-role association ID |
| Groups | Information about the groups users belong to | groupID: group ID; groupName: group name; groupParentID: ID of the parent group node |
| UserGroup | User-group relationship data | UserGroupID: user-group association ID |
| GroupRoles | Department-role relationship data | GroupRolesID: group-role association ID |
| SubRoles | Mapping between each role and its role components in each object dimension | subRoleID: role to dimension-role-component association ID |
| DimensionRoles | Relationship between roles and privileges within each dimension | dimenRolesID: dimension role component ID; dimenRolesName: dimension role component name; dimensionID: ID of the dimension it belongs to |
| Privilege | Specific privileges on data resources | privilegeDataID: privilege value ID; privilegeDesc: privilege description |
| DataResource | Details of data resources: name, category, address, etc. | dataResourceID: resource ID; dataResName: resource name; dataResCategory: resource type; dataFileType: resource file type |
| Operations | Specific operations, e.g. add, modify | operationID: operation ID; operationName: operation name |
| Dimensions | Definitions of object dimensions | dimensionID: dimension ID; semanticDesc: description of the dimension's application scenario; hierarchyXMLFile: XML file of the object dimension hierarchy |
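The abstract describes roles decomposed into per-dimension role components that grant privileges on a hierarchical object dimension, and Table 1 names the tables that hold those relationships. The following is an added example written for this page (not code from the CIMISS prototype or the paper's authors) that creates a subset of the Table 1 tables in an in-memory SQLite database, loads constructed sample data, and answers "may this user perform this operation on this resource?" by resolving user to group chain to roles to dimension role components to privileges. Several details are assumptions not stated on the page: the shape of the hierarchy XML, the rule that a privilege granted on a category node covers all of its descendant nodes, the rule that roles granted to a parent group are inherited by its sub-groups, and the linking columns dimenRolesID, categoryNode and operationName on Privilege (Table 1 only lists privilegeDataID and privilegeDesc). The UserGroup, Operations and Dimensions tables are omitted for brevity.

```python
"""Multi-dimensional RBAC check over a subset of the Table 1 schema.

Illustrative code added for this page; not the CIMISS prototype. The XML
hierarchy shape, the descendant-coverage rule, the group-inheritance rule
and the Privilege linking columns are assumptions.
"""
import sqlite3
import xml.etree.ElementTree as ET

# Constructed hierarchy for one object dimension (data category). Assumed shape:
# nested <node id="..."> elements under a <dimension> root.
CATEGORY_XML = """<dimension id="1" name="dataCategory">
  <node id="A"><node id="A.1"><node id="A.1.1"/></node></node>
  <node id="B"/>
</dimension>"""

# Table and column names from Table 1; dimenRolesID/categoryNode/operationName
# on Privilege are assumed linking columns.
SCHEMA = """
CREATE TABLE Users(userID TEXT PRIMARY KEY, groupID TEXT);
CREATE TABLE Groups(groupID TEXT PRIMARY KEY, groupName TEXT, groupParentID TEXT);
CREATE TABLE Roles(rolesID TEXT PRIMARY KEY, rolesName TEXT, rolesDesc TEXT);
CREATE TABLE UserRoles(UserRolesID INTEGER PRIMARY KEY, userID TEXT, rolesID TEXT);
CREATE TABLE GroupRoles(GroupRolesID INTEGER PRIMARY KEY, groupID TEXT, rolesID TEXT);
CREATE TABLE SubRoles(subRoleID INTEGER PRIMARY KEY, rolesID TEXT, dimenRolesID TEXT);
CREATE TABLE DimensionRoles(dimenRolesID TEXT PRIMARY KEY, dimenRolesName TEXT, dimensionID TEXT);
CREATE TABLE Privilege(privilegeDataID INTEGER PRIMARY KEY, dimenRolesID TEXT,
                       categoryNode TEXT, operationName TEXT, privilegeDesc TEXT);
CREATE TABLE DataResource(dataResourceID TEXT PRIMARY KEY, dataResName TEXT,
                          dataResCategory TEXT, dataFileType TEXT);
"""

# Constructed sample data: a provincial bureau under headquarters, a reader role
# granted to headquarters (inherited downwards), an editor role granted to one
# user directly, and two resources at different depths of the hierarchy.
SAMPLE_SQL = """
INSERT INTO Groups VALUES ('G_CMA','headquarters',NULL),('G_PROV','provincial bureau','G_CMA');
INSERT INTO Users VALUES ('alice','G_PROV'),('bob','G_CMA');
INSERT INTO Roles VALUES ('R_READER','reader','reads category A'),('R_EDITOR','editor','edits A.1');
INSERT INTO GroupRoles(groupID, rolesID) VALUES ('G_CMA','R_READER');
INSERT INTO UserRoles(userID, rolesID) VALUES ('alice','R_EDITOR');
INSERT INTO DimensionRoles VALUES ('DR_READ_A','read A','1'),('DR_WRITE_A1','modify A.1','1');
INSERT INTO SubRoles(rolesID, dimenRolesID) VALUES ('R_READER','DR_READ_A'),('R_EDITOR','DR_WRITE_A1');
INSERT INTO Privilege(dimenRolesID, categoryNode, operationName, privilegeDesc)
  VALUES ('DR_READ_A','A','read','read anything under A'),
         ('DR_WRITE_A1','A.1','modify','modify anything under A.1');
INSERT INTO DataResource VALUES ('res_fine','station obs','A.1.1','nc'),('res_b','model output','B','grib');
"""


def open_demo_db():
    """Create the tables and load the constructed sample rows in memory."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA + SAMPLE_SQL)
    return conn


def build_parent_map(xml_text):
    """Map each category node id to its parent id (None for top-level nodes)."""
    parents = {}

    def walk(elem, parent_id):
        for child in elem.findall("node"):
            parents[child.get("id")] = parent_id
            walk(child, child.get("id"))

    walk(ET.fromstring(xml_text), None)
    return parents


def ancestors_inclusive(node_id, parents):
    """The node itself plus every ancestor up to the dimension root."""
    chain = []
    while node_id is not None and node_id not in chain:  # guard against cycles
        chain.append(node_id)
        node_id = parents.get(node_id)
    return chain


def group_chain(conn, group_id):
    """A group plus its parent groups, following Groups.groupParentID."""
    chain = []
    while group_id is not None and group_id not in chain:  # guard against cycles
        chain.append(group_id)
        row = conn.execute("SELECT groupParentID FROM Groups WHERE groupID=?", (group_id,)).fetchone()
        group_id = row[0] if row else None
    return chain


def roles_for_user(conn, user_id):
    """Roles assigned to the user directly (UserRoles) or via its group chain (GroupRoles)."""
    roles = {r for (r,) in conn.execute("SELECT rolesID FROM UserRoles WHERE userID=?", (user_id,))}
    row = conn.execute("SELECT groupID FROM Users WHERE userID=?", (user_id,)).fetchone()
    for gid in group_chain(conn, row[0]) if row else []:
        roles |= {r for (r,) in conn.execute("SELECT rolesID FROM GroupRoles WHERE groupID=?", (gid,))}
    return roles


def is_authorized(conn, parents, user_id, resource_id, operation):
    """Deny by default; allow only if some role component grants the operation
    on the resource's category node or on one of its ancestors."""
    row = conn.execute("SELECT dataResCategory FROM DataResource WHERE dataResourceID=?",
                       (resource_id,)).fetchone()
    if row is None:
        return False  # unknown resource
    covering = ancestors_inclusive(row[0], parents)
    roles = roles_for_user(conn, user_id)
    if not roles:
        return False  # no role at all
    # Only '?' placeholders are interpolated; all values are bound parameters.
    sql = f"""SELECT 1 FROM SubRoles s JOIN Privilege p ON p.dimenRolesID = s.dimenRolesID
              WHERE s.rolesID IN ({','.join('?' * len(roles))})
                AND p.categoryNode IN ({','.join('?' * len(covering))})
                AND p.operationName = ? LIMIT 1"""
    return conn.execute(sql, (*roles, *covering, operation)).fetchone() is not None


if __name__ == "__main__":
    db = open_demo_db()
    pmap = build_parent_map(CATEGORY_XML)
    for user, res, op in [("alice", "res_fine", "read"), ("alice", "res_fine", "modify"),
                          ("alice", "res_b", "read"), ("bob", "res_fine", "modify")]:
        print(f"{user} {op} {res}: {is_authorized(db, pmap, user, res, op)}")
```

Under the constructed data, alice may read res_fine (reader role inherited from headquarters, granted on node A which covers A.1.1) and may modify it (editor role assigned to her directly, granted on A.1), but may not read res_b; bob inherits only the reader role and so cannot modify res_fine. The coarse-to-fine control the abstract describes is the single `categoryNode IN (...)` test against the resource's ancestor chain: one grant on a high node authorizes every resource beneath it, while a grant on a leaf authorizes only that leaf.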