The modelling of business processes is widely used in enterprises. Although this is very common, requirements for identity management and access control are often collected separately, in documents or requirements tools. Because access control is business-driven, requirements of this kind should be collected on the business side, in the business process model. This work introduces a meta-model for modelling access control requirements at the business process level. It combines the process model and its access control requirements, reducing the risk of inconsistencies caused by process changes. A model-driven development process utilises the enriched models to generate policies for different identity management products.