Title: Document access control in organisational workflows

Authors: Timon C. Du, Eldon Y. Li, Jacqueline W. Wong

Addresses: Decision Sciences and Managerial Economics, The Chinese University of Hong Kong, Shatin, N.T., Hong Kong. ' Department of Management Information Systems, National Chengchi University, Taipei 11605, Taiwan. ' Decision Sciences and Managerial Economics, The Chinese University of Hong Kong, Shatin, N.T., Hong Kong

Abstract: A collaborative workflow is a business process with a set of linked tasks. It is important to share knowledge in document format of the workflow to achieve a business objective or policy goal. When an electronic document is shared in a collaborative workflow, appropriate access controls are needed. Access control of documents involves the correlated setting of security at the document and data levels, corresponding to the sequence of workflow activities and organisational role hierarchy. This study proposes an access control mechanism for sharing electronic documents in a document-centric Workflow Management System (WfMS). A mandatory access mechanism is used to manage access control. The mechanism is demonstrated by an example of generating a quotation document using Oracle Workflow and Oracle PL/SQL.

Keywords: document management; security control; role-based access control; RBAC; workflows; mandatory access mechanisms; Oracle PL/SQL; information security; computer security; collaborative workflow; knowledge sharing; electronic documents.

DOI: 10.1504/IJICS.2007.015504

International Journal of Information and Computer Security, 2007 Vol.1 No.4, pp.437 - 454

Available online: 22 Oct 2007 *

Full-text access for editors Access for subscribers Purchase this article Comment on this article