关键词: 产品生命周期管理系统, 工作流管理系统, 访问控制, 基于流程实例的对象组

Abstract: To meet the access control requirements of workflow in product lifecycle management (PLM) system, an access control model was proposed based on the Role Based Access Control Model (RBAC) to implement the co-authorization of the Workflow Management System (WfMS) and the PLM system. PLM system was employed to manage and conduct static authorization on information such as files and users. To implement dynamic access control and avoid process deadlock and privilege leakage, the object group based on process instance was introduced. It was used to contain and manage the data used in process. Moreover, authorization could be granted from three levels: process, activity, and object group in this model. The authorization of each level could be inherited and redefined. This method has facilitated the management of administrators, and improved the flexibility and authorization granularity.

Key words: product lifecycle management system, workflow management system, access control, process instance based object group