Modeling Support for Role-Based Delegation in Process-Aware Information Systems

Schefer-Wenzl, Sigrid; Strembeck, Mark

doi:10.1007/s12599-014-0343-3

Cited by 6 publications

(7 citation statements)

References 49 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Process models capture information on process activities, the flow relation between those activities, organisational resources that perform the activities, and information artefacts that are used and produced by the activities (Curtis et al , 1992). The information provided by process models on organisational resources – the organisational perspective – is used in a variety of ways in organisations, such as in learning responsibilities (Davies et al , 2006), managing resources (Browning, 2010) and allocating resources to tasks (Schefer-Wenzl and Strembeck, 2014).…”

Section: Theoretical Backgroundmentioning

confidence: 99%

Identification and analysis of handovers in organisations using process model repositories

Leyer

İren

Aysolmaz

2020

BPMJ

View full text Add to dashboard Cite

PurposeIdentifying handovers is an important but difficult to achieve goal for companies as handovers have advantages allowing for specialisation in processes as well as disadvantages by creating erroneous interfaces.Design/methodology/approachConceptualisation of a method based on theory and evaluation with company data using a process model repository.FindingsThe method allows to evaluate handovers from the perspective of roles in processes and grouping of employees in organisational units. It uses existing process model repositories connected with organisational chart information in companies to determine the density of handovers. The method is successfully evaluated using the example of a major telecommunications company with 1,010 process models in its repository.Practical implicationsCompanies can determine on various levels, up to the overall organisational level, in which parts of the company efforts are best spent to manage handovers in an optimal way.Originality/valueThis paper is first in showing how handovers can be conceptualised and identified with a large-scale method.

show abstract

Section: Theoretical Backgroundmentioning

confidence: 99%

Identification and analysis of handovers in organisations using process model repositories

Leyer

İren

Aysolmaz

2020

BPMJ

View full text Add to dashboard Cite

show abstract

“…of k-n RSSOD constraints, and the output is set C = {c 1 ,c 2 ,...} of 2-2 SMER constraints, such that C enforces E. In order to construct 2-2 SMER constraints, it is necessary to find a set of roles S, such that each role in S at least has permissions in e i (line 4). Then, if any role has all the permissions in e i , we declare e i as nonenforceable (lines [5][6][7][8]; otherwise, we analyze each pair of roles (r i , r j ) to determine whether they are valid 2-2 SMER constraints. If r i and r j are mutually exclusive roles, each one contains at least a mutually exclusive permission that must be absent in the other (lines 9-17).…”

Section: Algorithm 2 Construction Of 2-2 Smer Constraintsmentioning

confidence: 99%

“…With the successful implementations of RBAC systems, designing an effective, complete set of roles and constructing a good RBAC system have become critical tasks. As a solution to facilitate the process of migrating from a non-RBAC system to an RBAC system, role-engineering technology [8,9] has been proposed. There are two main approaches: top-down [10] and bottom-up [11][12][13][14][15][16].…”

Section: Introductionmentioning

confidence: 99%

Role-Mining Optimization with Separation-of-Duty Constraints and Security Detections for Authorizations

et al. 2019

View full text Add to dashboard Cite

Role-based access control (RBAC), which has been regarded as one of the most popular access-control mechanisms, is featured by the separation-of-duty constraints, mutually exclusive constraints, and the least-privileges principle. Role mining, a bottom-up role-engineering technology, is an effective method to migrate from a non-RBAC system to an RBAC system. However, conventional role-mining approaches not only do not consider the separation of duty constraints, but also cannot ensure the security of a constructed RBAC system when the corresponding mined results violate the separation of a duty constraint and/or the least-privileges principle. To solve these problems, this paper proposes a novel method called role-mining optimization with separation-of-duty constraints and security detections for authorizations (RMO_SODSDA), which mainly includes two aspects. First, we present a role-mining-optimization approach for satisfying the separation of duty constraints, and we constructed different variants of mutually exclusive constraints to correctly implement the given separation of duty constraints based on unconstrained role mining. Second, to ensure the security of the constructed system and evaluate authorization performance, we reduced the authorization-query problem to a maximal-satisfiability problem. The experiments validate the effectiveness and efficiency of the proposed method.

show abstract

“…The top-down role-engineering approach defines particular roles for job responsibilities and decomposes them into smaller units by analyzing the business processes of organizations in detail. Once the required privileges for performing specific tasks are identified, they are grouped into appropriate functional roles [10]. This process is repeated until all the job functions are covered.…”

Section: Introductionmentioning

confidence: 99%

Hybrid Role-Engineering Optimization with Multiple Cardinality Constraints Using Natural Language Processing and Integer Linear Programming Techniques

Sun

2022

Mobile Information Systems

View full text Add to dashboard Cite

Role-based access control (RBAC) is a widely popular access control mechanism because of its convenience for authorization administration, as well as various security policies, such as separation-of-duty constraints and cardinality constraints. In recent few years, role-engineering technology has emerged as an efficient approach to construct optimal RBAC systems. However, the top-down approaches are labor-intensive and error-prone; the bottom-up approaches lack flexibility and scalability as the organizational requirements change dynamically, and cannot generate valuable or meaningful roles that are relevant to actual application scenarios. Furthermore, most conventional methods do not consider multiple cardinality constraints. To address these issues, this paper proposes a novel hybrid role-engineering method. First, to develop an initial access control system while alleviating manual workloads, we use the natural language processing techniques to extract machine-readable and machine-enforceable access control policies from the top-down natural language requirement documents. Second, to flexibly meet diverse organizational requirements while enhancing the security of role-engineering processes, according to different evaluation measures or optimization objectives, we define several variants of the optimization problem with multiple cardinality constraints via Boolean matrix decomposition and present a unified modelling framework for these variants using integer linear programming technique. Third, to verify whether the constraints can be satisfied in the constructed access control system, we present the heuristic optimization algorithms in the bottom-up ways. The experimental evaluations demonstrate the effectiveness and efficiency of the proposed method.

show abstract

Modeling Support for Role-Based Delegation in Process-Aware Information Systems

Cited by 6 publications

References 49 publications

Identification and analysis of handovers in organisations using process model repositories

Identification and analysis of handovers in organisations using process model repositories

Role-Mining Optimization with Separation-of-Duty Constraints and Security Detections for Authorizations

Hybrid Role-Engineering Optimization with Multiple Cardinality Constraints Using Natural Language Processing and Integer Linear Programming Techniques

Contact Info

Product

Resources

About