Management of Authorization Rules Using Conceptual Model

Authors

Ricardo Diniz Sul, PPGI/UNIRIOFollow
Bruna Christina Pinto Brandão, PPGI/UNIRIOFollow
Leonardo Guerreiro Azevedo, PPGI/UNIRIO, IBM ResearchFollow
Fernanda Baião, Universidade Federal do Estado do Rio de Janeiro, BrazilFollow
Claudia Cappelli, UNIRIOFollow

Document Type

Article

Publication Date

5-2015

Keywords

Authorization rules, Management of authorization Rules, Metamodeling

Abstract

Information security is an important concern for information systems development. Managing and executing authorization rules (which constrain who is allowed to execute some action over which information) are crucial issues. This work presents a tool for managing authorization rules part of a role-based framework for access control. Business users may use this module to specify authorization rules using an ERM (entity-relationship model). The module was implemented using open-source technologies, in a real organization that is responsible for controlling the access of several information systems to a corporate database. An example of its use is presented, illustrating its viability and efficacy.

Comments

This paper is in Portuguese (Gestão de Regras de Autorização Usando Modelo Conceitual)

Recommended Citation

Sul, Ricardo Diniz; Brandão, Bruna Christina Pinto; Azevedo, Leonardo Guerreiro; Baião, Fernanda; and Cappelli, Claudia, "Management of Authorization Rules Using Conceptual Model" (2015). Proceedings of the XI Brazilian Symposium on Information Systems (SBSI 2015). 56.
https://aisel.aisnet.org/sbis2015/56