Authorization rules, Management of authorization Rules, Metamodeling
Information security is an important concern for information systems development. Managing and executing authorization rules (which constrain who is allowed to execute some action over which information) are crucial issues. This work presents a tool for managing authorization rules part of a role-based framework for access control. Business users may use this module to specify authorization rules using an ERM (entity-relationship model). The module was implemented using open-source technologies, in a real organization that is responsible for controlling the access of several information systems to a corporate database. An example of its use is presented, illustrating its viability and efficacy.
Sul, Ricardo Diniz; Brandão, Bruna Christina Pinto; Azevedo, Leonardo Guerreiro; Baião, Fernanda; and Cappelli, Claudia, "Management of Authorization Rules Using Conceptual Model" (2015). Proceedings of the XI Brazilian Symposium on Information Systems (SBSI 2015). 56.