Integrating business process modelling and ERP role engineering

Authors:
Nikolaos A. Panayiotou;Sotiris P. Gayialis;Nikolaos E. Evangelopoulos
Affiliations:
School of Mechanical Engineering, Section of Industrial Management and Operational Research, National Technical University of Athens, 157-80 Zografos, Athens, Greece.;School of Mechanical Engineering, Section of Industrial Management and Operational Research, National Technical University of Athens, 157-80 Zografos, Athens, Greece.;School of Mechanical Engineering, Section of Industrial Management and Operational Research, National Technical University of Athens, 157-80 Zografos, Athens, Greece
Venue:
International Journal of Business Information Systems
Year:
2011

Citing 11
Cited 1

Role-Based Access Control Models

Computer
The ARBAC97 model for role-based administration of roles: preliminary description and outline

RBAC '97 Proceedings of the second ACM workshop on Role-based access control
A role-based access control model for protection domain derivation and management

RBAC '97 Proceedings of the second ACM workshop on Role-based access control
Process-oriented approach for role-finding to implement role-based security administration in a large industrial organization

RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Certification of programs for secure information flow

Communications of the ACM
A note on the confinement problem

Communications of the ACM
A scenario-driven role engineering process for functional RBAC roles

SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Observations on the role life-cycle in the context of enterprise security management

SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Role Hierarchies and Constraints for Lattice-Based Access Controls

ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
Strategies for business process reengineering: evidence from field studies

Journal of Management Information Systems - Special section: Toward a theory of business process change management
Applying and extending a semantic foundation for role-related concepts in enterprise modelling

Enterprise Information Systems - Towards Model-driven Service-oriented Enterprise Computing - 12th International IEEE EDOC Enterprise Computing Conference (EDOC 2008)

Operating performance of Chinese manufacturers in the wake of ERP implementation

International Journal of Business Information Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

One of the essential services which information security relies on is access control. Access control is concerned with controlling the access permissions of a user to an object. The rigorous use of IT enabling technology and the implementation of large ERP systems have increased the importance of access control and especially this of role-based access control (RBAC). The success of a policy based on RBAC depends on the implementation of the role model which calls for both business engineering and information technology skills. This paper proposes a bottom-up and top-down combined approach for system roles implementation. The approach is integrated to ARIS modelling methods supporting the creation of the role system and facilitating its maintenance and future improvement. The application of the proposed approach is demonstrated in a case study of ERP role engineering in a medium industrial company.