Title: Integrating business process modelling and ERP role engineering

Authors: Nikolaos A. Panayiotou, Sotiris P. Gayialis, Nikolaos E. Evangelopoulos

Addresses: School of Mechanical Engineering, Section of Industrial Management and Operational Research, National Technical University of Athens, 157-80 Zografos, Athens, Greece; School of Mechanical Engineering, Section of Industrial Management and Operational Research, National Technical University of Athens, 157-80 Zografos, Athens, Greece; School of Mechanical Engineering, Section of Industrial Management and Operational Research, National Technical University of Athens, 157-80 Zografos, Athens, Greece

Abstract: One of the essential services on which information security relies is access control. Access control is concerned with controlling the access permissions of a user to an object. The rigorous use of IT enabling technology and the implementation of large ERP systems have increased the importance of access control, and especially that of role-based access control (RBAC). The success of a policy based on RBAC depends on the implementation of the role model, which calls for both business engineering and information technology skills. This paper proposes a combined bottom-up and top-down approach for system roles implementation. The approach is integrated with ARIS modelling methods, supporting the creation of the role system and facilitating its maintenance and future improvement. The application of the proposed approach is demonstrated in a case study of ERP role engineering in a medium industrial company.

Keywords: role engineering; RBAC; role-based access control; business process modelling; permission definition; system integration; information security; access control; access permissions; users; enabling technology; role models; ARIS; systems architecture; integrated information systems; SAP; Greece; business information systems; ERP; enterprise resource planning; ICT infrastructures; information technology; communications technology.

DOI: 10.1504/IJBIS.2011.041087

International Journal of Business Information Systems, 2011 Vol. 8 No. 1, pp. 66-86

Available online: 01 Jul 2011
