Activities and Event-Driven-Based Role Engineering

Many companies adopt authorization management to authorize the appropriate permission for users to operate their resources. After role-based access control (RBAC) is proposed and accepted, companies adopt a role, i.e. job position, to achieve authorization management. Although RBAC has become the preferred approach to managing access control, role engineering is an important process to go through before using RBAC. Role engineering is the process of defining roles and related information as they pertain to the user´s functional use. Role engineering is a critical success factor in implementing RBAC. This study proposes activities and event-driven-based role engineering. An event is a routine task, and activities are triggered by events. Roles are created by many overlapping events. Among the roles, events and activities form many to many relationships. Our approach adopts the relationships to define the roles and assign permissions to them. The proposed approach is suitable for organizations attempting to achieve refined role-permission planning, no matter whether or not they are using RBAC.