Research Of Access Control Model In GIS Based On Business Process

The research of access control in business process based geographic information systemsis to resolve the security problem of spatial data in it. Access control mechanism is used todynamically control the users' accessible spatial objects and permissions.By research of access control demands in business process based GIS, this articleproposed an access control model in business process based GIS (PG-RBAC). PG-RBAC,which extends the RBAC model, is based on OGIS spatial data model, so to satisfy the accesscontrol demand of spatial data in GIS. PG-RBAC in one hand redefines the concepts ofspatial role and spatial role instance based on the relationship between role and spatial data.Spatial role includes accessible feature types. Spatial role instance is produced by the user'slocation and spatial role. Permissions that can be assigned to the user are determined onpermissions assigned to the spatial role of the instance. In the other hand, PG-RBAC definesthe concepts of "spatial business process" and "spatial task", which are based on therelationship between business process and spatial data. Spatial business process includes thefeature types which connect with the business process. Business process instance includes thefeatures which connect with the business process instance. Permissions are assigned to spatialbusiness process and spatial task at build time. At run time, users' access permissions arecontrolled by the relative spatial object's location which produced by spatial business processinstance. Access control function is defined on base of spatial role and spatial task etc. Whena user brings up an access request, the access control function determines whether the requestcan be satisfied or not by checking on the permissions assigned to the user's spatial roleinstance or assigned to the task executed by the user.The access control system based on this model is put in use of Examine and Approve ofConstructive Land System, and gains good efficiency in practice. It is proved that PG-RBACcan resolve the access control problem of spatial data in business process based GIS, controlthe users' accessible extent effectively, and obtain better security of spatial data withoutaffecting the tasks.