Role-Based Access Control Models
Computer
The ARBAC97 model for role-based administration of roles: preliminary description and outline
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
A role-based access control model for protection domain derivation and management
RBAC '97 Proceedings of the second ACM workshop on Role-based access control
RBAC '00 Proceedings of the fifth ACM workshop on Role-based access control
Certification of programs for secure information flow
Communications of the ACM
A note on the confinement problem
Communications of the ACM
A scenario-driven role engineering process for functional RBAC roles
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Observations on the role life-cycle in the context of enterprise security management
SACMAT '02 Proceedings of the seventh ACM symposium on Access control models and technologies
Role Hierarchies and Constraints for Lattice-Based Access Controls
ESORICS '96 Proceedings of the 4th European Symposium on Research in Computer Security: Computer Security
Strategies for business process reengineering: evidence from field studies
Journal of Management Information Systems - Special section: Toward a theory of business process change management
Applying and extending a semantic foundation for role-related concepts in enterprise modelling
Enterprise Information Systems - Towards Model-driven Service-oriented Enterprise Computing - 12th International IEEE EDOC Enterprise Computing Conference (EDOC 2008)
Operating performance of Chinese manufacturers in the wake of ERP implementation
International Journal of Business Information Systems
Hi-index | 0.00 |
One of the essential services which information security relies on is access control. Access control is concerned with controlling the access permissions of a user to an object. The rigorous use of IT enabling technology and the implementation of large ERP systems have increased the importance of access control and especially this of role-based access control (RBAC). The success of a policy based on RBAC depends on the implementation of the role model which calls for both business engineering and information technology skills. This paper proposes a bottom-up and top-down combined approach for system roles implementation. The approach is integrated to ARIS modelling methods supporting the creation of the role system and facilitating its maintenance and future improvement. The application of the proposed approach is demonstrated in a case study of ERP role engineering in a medium industrial company.