Integrating business process modelling and ERP role engineering

Abstract

One of the essential services which information security relies on is access control. Access control is concerned with controlling the access permissions of a user to an object. The rigorous use of IT enabling technology and the implementation of large ERP systems have increased the importance of access control and especially this of role-based access control (RBAC). The success of a policy based on RBAC depends on the implementation of the role model which calls for both business engineering and information technology skills. This paper proposes a bottom-up and top-down combined approach for system roles implementation. The approach is integrated to ARIS modelling methods supporting the creation of the role system and facilitating its maintenance and future improvement. The application of the proposed approach is demonstrated in a case study of ERP role engineering in a medium industrial company. Copyright © 2011 Inderscience Enterprises Ltd.