Document Type

Article

Publication Date

5-2015

Keywords

Authorization rules, Management of authorization Rules, Metamodeling

Abstract

Information security is an important concern for information systems development. Managing and executing authorization rules (which constrain who is allowed to execute some action over which information) are crucial issues. This work presents a tool for managing authorization rules part of a role-based framework for access control. Business users may use this module to specify authorization rules using an ERM (entity-relationship model). The module was implemented using open-source technologies, in a real organization that is responsible for controlling the access of several information systems to a corporate database. An example of its use is presented, illustrating its viability and efficacy.

Comments

This paper is in Portuguese (Gestão de Regras de Autorização Usando Modelo Conceitual)

Share

COinS