Extending Role-based Access Control for Business Usage
Heiko Klarl (1, 2), Korbinian Molitorisz (3), Christian Emig (1, 3), Karsten Klinger (1) and Sebastian Abeck (3)
(1) iC Consult GmbH, Keltenring 14, 82041 Oberhaching, Germany
(2) Media Computing, University of Regensburg, Germany
(3) Cooperation & Management, University of Karlsruhe (TH), Germany
Abstract
Role-based access control (RBAC) manages authorisation in IT systems through the concept of roles. Existing approaches neither clearly define the term “role” in its different contexts nor consider the relation between roles and business process modelling. This work therefore introduces business and system role-based access control (B&S-RBAC). Established role-based access control models are extended with a business perspective, and the term role is defined from a business and from an IT perspective, resulting in business and system roles. The relation between them is shown in a meta-model and the usage of business roles for secure business process modelling is explained.
Keywords: RBAC, Roles, Business Process Modelling, Identity Management, Access Control, Business-IT Alignment.
1 Introduction
Nowadays nearly every business process is extensively supported by IT systems. Globalisation and hard competition have led to short reaction times in adapting business processes, and mergers and acquisitions are still challenges for every enterprise. These conditions place demands on companies’ IT systems, business processes and their security architecture [10]. Business process modelling [17] tries to cope with those needs, as modelled business processes are easier to understand and easier to redesign, and executable code can be generated by model-driven techniques.
As not everyone is allowed to execute particular business processes, identity management (IdM) ensures that only authorised persons may do so. To achieve this, role information can be assigned to activities within the business process. To authorise the business processes’ activities within the supporting IT systems, role-based access control (RBAC) may be used. But different views and definitions of “roles” complicate the RBAC approach enormously. Within the business process, information on roles consists of job functions or business tasks, and roles are often more or less just descriptive information. In contrast, RBAC roles within IT systems encapsulate permissions but often do not have any relation to the business perspective of roles. Generally, the term role used in RBAC does not distinguish between business and IT. In order to unify these two different concepts of roles, an error-prone coordination process between business and IT departments arises [2] when business-focused roles have to be transferred to the technology-focused RBAC roles. A first step to overcome this weakness is to extend existing business and IT role models and to link them.
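The linkage argued for above, as an added example rather than the paper's meta-model: business roles attached to process activities, system roles encapsulating permissions, and an explicit link between the two layers, with an audit for the gaps that manual coordination leaves behind. The class, role, activity and permission names are constructed for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass, field


@dataclass
class RoleModel:
    """Two role layers plus the link between them (a simplification assumed here)."""
    activity_roles: dict[str, set[str]] = field(default_factory=dict)      # activity -> business roles
    role_links: dict[str, set[str]] = field(default_factory=dict)          # business role -> system roles
    system_permissions: dict[str, set[str]] = field(default_factory=dict)  # system role -> permissions
    user_roles: dict[str, set[str]] = field(default_factory=dict)          # user -> business roles

    def may_perform(self, user: str, activity: str) -> bool:
        """Business view only: does the user hold a business role named on the activity?"""
        return bool(self._entitling_roles(user, activity))

    def is_authorised(self, user: str, activity: str, permission: str) -> bool:
        """Default deny: only business roles that entitle the user to *this*
        activity contribute permissions, via business role -> system role."""
        granted: set[str] = set()
        for business_role in self._entitling_roles(user, activity):
            for system_role in self.role_links.get(business_role, set()):
                # A link to an undefined system role grants nothing.
                granted |= self.system_permissions.get(system_role, set())
        return permission in granted

    def audit(self) -> dict[str, list]:
        """Find places where the business and IT views have drifted apart."""
        modelled = set().union(*self.activity_roles.values())
        linked = set().union(*self.role_links.values())
        return {
            # Used in the process model, but no system role implements it.
            "unlinked_business_roles": sorted(
                r for r in modelled if not self.role_links.get(r)),
            # Link points at a system role the IT side never defined.
            "dangling_links": sorted(
                (b, s) for b, targets in self.role_links.items()
                for s in targets if s not in self.system_permissions),
            # Permissions exist with no business role justifying them.
            "orphan_system_roles": sorted(set(self.system_permissions) - linked),
        }

    def _entitling_roles(self, user: str, activity: str) -> set[str]:
        return (self.user_roles.get(user, set())
                & self.activity_roles.get(activity, set()))


def build_sample_model() -> RoleModel:
    """Constructed sample data: a credit-application process."""
    return RoleModel(
        activity_roles={
            "check_application": {"Clerk", "Credit Manager"},
            "approve_credit": {"Credit Manager"},
            "review_decision": {"Auditor"},
        },
        role_links={
            "Clerk": {"crm_reader", "dms_writer"},          # dms_writer is undefined
            "Credit Manager": {"crm_reader", "loan_approver"},
            # "Auditor" was modelled by the business side but never linked.
        },
        system_permissions={
            "crm_reader": {"crm:read"},
            "loan_approver": {"loan:approve"},
            "legacy_admin": {"db:admin"},                   # no business role uses it
        },
        user_roles={
            "alice": {"Clerk"},
            "bob": {"Credit Manager"},
            "carol": {"Auditor"},
        },
    )


if __name__ == "__main__":
    model = build_sample_model()
    print(model.is_authorised("bob", "approve_credit", "loan:approve"))
    print(model.is_authorised("alice", "approve_credit", "loan:approve"))
    for finding, items in model.audit().items():
        print(finding, items)
```

The `carol` case is the one the introduction warns about: the process model says an Auditor may review decisions, yet no system role backs that business role, so the IT layer denies every request.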
This document contains summaries of different modeling techniques including:
1. A structure diagram contains objects and connections to model organizational structures. It is often used as a starting point for various company views.
2. A process landscape structures a company's processes into management, core, and support processes to describe scenarios and refine process areas.
3. An event-driven process chain (EPC) models processes as a sequence of events, functions, and rules to describe activities, participants, data, systems, and risks.
4. A BPMN collaboration diagram models interactions between participants like in a business-to-business context using pools, message flows, gateways, and other elements.
5. A
A business analyst helps bridge the gap between business needs and technical solutions. They analyze an organization's structure, business models, processes and requirements. This includes strategic planning, process design, and interpreting business rules for technical systems. The business analyst ensures the technical solution meets the business goals. Key deliverables include business requirements, functional specifications, user needs documents, and traceability matrices to track requirements throughout the project. Having a business analyst involved in software projects helps clearly define needs and prevents miscommunication between stakeholders and developers.
Enhancement of business it alignment by including responsibility components i...christophefeltus
This document proposes enhancements to the Role-Based Access Control (RBAC) model by integrating the concept of responsibility. It summarizes the existing RBAC model and user/permission assignment processes. It then presents a responsibility model built around three concepts: an employee's obligations derived from responsibilities, the rights required to fulfill obligations, and the employee's commitment to fulfill obligations. The paper argues RBAC could be improved by incorporating acceptance of responsibility within the role assignment process. It proposes integrating the responsibility model with RBAC to address identified weaknesses and modeling the integrated model using the OWL ontology language.
This document proposes enhancements to the Role-Based Access Control (RBAC) model by integrating the concept of responsibility. It summarizes the existing RBAC model and user-role/permission-role assignment processes. It then presents a responsibility model built around three concepts: an employee's obligations derived from responsibilities, the rights required to fulfill obligations, and the employee's commitment to fulfill obligations. The paper argues RBAC could be improved by incorporating acceptance of responsibility within the role assignment process. It proposes integrating the responsibility model with RBAC to address identified weaknesses and modeling the integrated model using the OWL ontology language.
Data modeling is the process of creating a visual representation of data within an information system to illustrate the relationships between different data types and structures. The goal is to model data at conceptual, logical, and physical levels to support business needs and requirements. Conceptual models provide an overview of key entities and relationships, logical models add greater detail, and physical models specify how data will be stored in databases. Data modeling benefits include reduced errors, improved communication and performance, and easier management of data mapping.
An ERP Implementation Method Studying A Pharmaceutical CompanyJoe Osborn
This document presents a framework for implementing an ERP system like SAP in a company. It involves four main phases: goal elicitation, specification of current and required business processes, validation of how the ERP system meets the required processes, and evaluating what was learned for future implementations. It applies this framework to a case study of a fictional company called Electro Tech undergoing digital transformation. Key aspects of the framework include modeling organizational goals and needs, current vs new business processes, and ensuring SAP functionality aligns with required processes. The goal is to facilitate ERP implementations by capturing best practices for re-use across projects.
This document provides an overview of several ARIS modeling techniques including:
1. Process landscapes are used to structure a company's processes and usually include management, core, and support processes.
2. System landscapes describe which IT systems belong to logical units/domains for budgeting and responsibility purposes.
3. Data models represent a company's data view using entities, attributes, keys, and relationships.
4. Additional techniques covered include organizational charts, BPMN for workflows, and event-driven process chains.
The document discusses business models and factors that influence them such as people, processes, and strategies. It also discusses challenges with implementing customer relationship management (CRM) solutions such as lack of training and compatibility with existing business processes. The document emphasizes the importance of defining business processes, compatible systems, adequate staffing, and managing budgets and expenses for successful CRM implementation and monitoring strategies.
A SIMILARITY MEASURE FOR CATEGORIZING THE DEVELOPERS PROFILE IN A SOFTWARE PR...csandit
Software development processes need to have an integrated environment that fulfills specific
developer needs. In this context, this paper describes the modeling approach SAGM ((Similarity
for Adaptive Guidance Model) that provides adaptive recursive guidance for software
processes, and specifically tailored regarding the profile of developers. A profile is defined from
a model of developers, through their roles, their qualifications, and through the relationships
between the context of the current activity and the model of the activities. This approach
presents a similarity measure that evaluates the similarities between the profiles created from
the model of developers and those of the development team involved in the execution of a
software process. This is to identify the profiles classification and to deduce the appropriate
type of assistance (that can be corrective, constructive or specific) to developers.
Presenting an Excusable Model of Enterprise Architecture for Evaluation of R...Editor IJCATR
The document presents a method for creating an executable model of enterprise architecture diagrams to evaluate reliability. It transforms UML collaboration diagrams into colored Petri nets using an algorithm. This allows simulation of the diagrams to identify potential reliability issues early in the planning process. It aims to avoid high costs of implementation by improving architectural artifacts. The key steps are:
1) Using C4ISR framework and UML diagrams to describe enterprise architecture.
2) Transforming collaboration diagrams to colored Petri nets using a algorithm that represents messages as transitions and senders/receivers as places.
3) Annotating the Petri net model with reliability data to enable simulation and evaluation of reliability.
Adopted topic modeling for business process and software component conformity...TELKOMNIKA JOURNAL
Business processes and software components, especially class diagrams, have a firm connection. Considering software components support the business process in providing an excellent product and service. Besides, business process changes affect on software component design. One of them usually appears on the label or name of the software component or business process. Sometimes, a related business process and software component appears in the different label but the same meaning rather than using the same label. This situation is problematic when there are many changes to be made, in which the software component's modifying process becomes quite long. Therefore, the software maintainers should obtain an efficient procedure to shorten the modifying process. One solution is by using conformity checking, which helps the software maintainers know which software component is related to a specific business process. This paper compared two leading topic modeling techniques, namely probabilistic latent semantic analysis (PLSA) and latent Dirichlet allocation (LDA), to determine which one has a better performancefor process traceability.
The document discusses using presentation and visualization techniques to move beyond a product-centric view of architecture. It describes a session that will use a complex business process model as an example to show how dashboards, graphics, reference models and other visualizations can enhance architecture application and understanding. The session will also relate the process model to the DoDAF architecture framework and demonstrate how well-formed architecture data supports various visualizations and business uses.
A framework for realizing artifact centric business processes in SOADr. Sira Yongchareon
This document proposes a framework for realizing artifact-centric business processes in service-oriented architecture. It aims to achieve automated realization of artifact-centric models without model transformation. The framework consists of an artifact-centric workflow model and a mechanism to automatically realize and execute the model in a service-oriented environment. It discusses key challenges in realizing artifact-centric processes, including defining a formal process definition, deploying and executing processes, and defining/evaluating business rules that control artifact state changes.
BUSINESS RULE MANAGEMENT FRAMEWORK FOR ENTERPRISE WEB SERVICES ijwscjournal
Making a business rule extraction more dynamic is an open issue, and we think it is feasible if we decompose the business process structure in a set of rules, each of them representing a transition of the business process. As a consequence the business process engine can be realized by reusing and integrating an existing Rule Engine. We are proposing a way for extracting the business rules and then to modify it at the runtime. Business rules specifies the constraints that affect the behaviors and also specifies the derivation of conditions that affect the execution flow. The rules can be extracted from use
cases, specifications or system code. But since not many enterprises capture their business rules in a structured, explicit form like documents or implicit software codes, they need to be identified first, before being captured and managed. These rules change more often than the processes themselves, but changing and managing business rules is a complex task beyond the abilities of most business analysts. The capturing process focuses on the identification of the potential business rules sources. As business logic requirements change, business analysts can update the business logic without enlisting the aid of the IT staff. The new logic is immediately available to all client applications. In current trend the rules are modified or changed in the static time phase. But this paper provides to change the rules at the run time. Here the rules are extracted from the services and can be a changed dynamically. The existing
rules are modified and attached to source code without hindering service to the end user which can be achieved with source control systems. When the rules are revised, it provides a path in budding new business logic. This new business logic can be adopted for the efficient software development.
BUSINESS RULE MANAGEMENT FRAMEWORK FOR ENTERPRISE WEB SERVICESijwscjournal
Making a business rule extraction more dynamic is an open issue, and we think it is feasible if we decompose the business process structure in a set of rules, each of them representing a transition of the business process. As a consequence the business process engine can be realized by reusing and integrating an existing Rule Engine. We are proposing a way for extracting the business rules and then to modify it at the runtime. Business rules specifies the constraints that affect the behaviors and also specifies the derivation of conditions that affect the execution flow. The rules can be extracted from use cases, specifications or system code. But since not many enterprises capture their business rules in a structured, explicit form like documents or implicit software codes, they need to be identified first, before being captured and managed. These rules change more often than the processes themselves, but changing and managing business rules is a complex task beyond the abilities of most business analysts. The capturing process focuses on the identification of the potential business rules sources. As business logic requirements change, business analysts can update the business logic without enlisting the aid of the IT staff. The new logic is immediately available to all client applications. In current trend the rules are modified or changed in the static time phase. But this paper provides to change the rules at the run time. Here the rules are extracted from the services and can be a changed dynamically. The existing rules are modified and attached to source code without hindering service to the end user which can be achieved with source control systems. When the rules are revised, it provides a path in budding new business logic. This new business logic can be adopted for the efficient software development.
BUSINESS RULE MANAGEMENT FRAMEWORK FOR ENTERPRISE WEB SERVICESijwscjournal
The document discusses a proposed business rule management framework for managing business rules in enterprise web services. It aims to allow business rules to be extracted from services and modified dynamically at runtime. The framework would use the JESS rule engine language to enable dynamic rule changes without disrupting services to end users. The framework is meant to address issues with current approaches that only allow static rule modifications.
BUSINESS RULE MANAGEMENT FRAMEWORK FOR ENTERPRISE WEB SERVICESijwscjournal
Note: Response should be 250-300 words. There must be at least one APA formatted reference (and APA in-text citation) to support the thoughts in the post. Do not use direct quotes, rather rephrase the author's words and continue to use in-text citations
.
Discussion (Chapter 5) What is the relationship between Naïve B.docxmecklenburgstrelitzh
Naive Bayes and Bayesian networks are both probabilistic models but Bayesian networks can represent conditional dependencies between variables while Naive Bayes assumes independence. To develop a Bayesian network model you identify variables, determine dependencies between variables, quantify these dependencies with conditional probabilities, and construct a directed acyclic graph representing the dependencies. Students are asked to post a 100-300 word response to the discussion question by Wednesday and engage with two other classmates' posts.
Discussion (Chapter 10 in the textbook or see the ppt) For ea.docxmecklenburgstrelitzh
Discussion (Chapter 10 in the textbook / or see the ppt):
For each of the steps in the "Seven Step Forecasting Game Plan" for forecasting, discuss the following:
Who do you suspect is being included in creating each step of the various company forecasts?
Why? Why not? Be specific about the various players and the reasons they might be involved.
Assignment (Chapter 10) (1-2 pages double space):
Objective and Realistic Forecasts. The chapter encourages analysts to develop forecasts that are realistic, objective, and unbiased. Some firms’ managers tend to be optimistic. Some accounting principles tend to be conservative. Describe the different risks and incentives that managers, accountants, and analysts face. Explain how these different risks and incentives lead managers, accountants, and analysts to different biases when predicting uncertain outcomes.
.
Discussion (Chapter 1) Compare and contrast predictive analytics wi.docxmecklenburgstrelitzh
Discussion (Chapter 1): Compare and contrast predictive analytics with prescriptive and descriptive analytics. Use examples.
Response should be 250-300 words and with references
There must be at least one APA formatted reference (and APA in-text citation) to support the thoughts in the post. Do not use direct quotes, rather rephrase the author's words and continue to use in-text citations.
.
Discussion (400 words discussion + 150 words student response)Co.docxmecklenburgstrelitzh
Discussion (400 words discussion + 150 words student response)
Consider the potential conflict between corporate social responsibility and ethics while maximizing share holder wealth. How does exercising Christian principles play a part in running a successful business while operating within state and federal regulations?
.
Discussion (150-200 words) Why do you think so much emphasis is pla.docxmecklenburgstrelitzh
Discussion (150-200 words): Why do you think so much emphasis is placed on cash-flow-based stock evaluations, especially the "free cash flow model"?
Assignment (1-2 pages double space): What is the six step process involved in valuation? List the six steps in sequence, explaining and discussing the importance and relevance of each step.
.
discussion (11)explain the concept of information stores as th.docxmecklenburgstrelitzh
discussion (11)
explain the concept of information stores as they relate to email. Use the Internet to research how and where email data is stored on different computer
platforms and systems and then report your findings. How is this information pertinent to a forensic investigation. around 250-300 words
with references
discussion 12
Explain how cookies can show that a user has visited a site if that user's history has been deleted. Be specific,
do not merely explain how cookies work. Report on how cookies can be used in a forensic investigation. around 250-300 words, with references
.
Discussion #5 How progressive was the Progressive EraThe Progres.docxmecklenburgstrelitzh
Discussion #5: How progressive was the Progressive Era?
The Progressive era stands out as a time when reformers sought to address social ills brought about by a rapidly changing society. Debates surrounded issues such as political corruption, the regulation of business practices, racial equality, women's suffrage and the living conditions of impoverished immigrants overcrowded into urban slums.
In order to prepare for this discussion forum:
Review and identify the relevant sections of Chapter 22 that support your discussion.
Read Booker T. Washington's speech The Atlanta Compromise
Read W.E.B. Du Bois The Niagara Movement
The Niagara Movement's "Declaration of Principles" by W.E.B.Du Bois
The Women's Suffrage Movement
Excerpt from How the Other Half Lives by Jacob Riis and the photography of Jacob Riis.
After you have completed your readings post a response to only ONE of the following questions.
Compare and contrast the ideas of Booker T. Washington and W.E.B. Du Bois. In your opinion, which of these two men had a better plan? Explain why.
When it came to the issue of suffrage, did all women agree? Explain.
Which social problem was Jacob Riis addressing through his work? How did he communicate the severity of this problem?
.
Discussion #4, Continued Work on VygotskyA. Why is it important .docxmecklenburgstrelitzh
Discussion #4, Continued Work on Vygotsky
A. Why is it important as a teacher to understand what children are:
interested in?
thinking about?
attempting to create or problem-solve?
how does this knowledge support further development?
B. Note teaching strategies that enable you to learn about the child or children's thinking:
decriptive language, narration
waiting for the child's or children's language, response
open-ended relevant questions based on the child's perspective
assistance with relevant additional materials
C. Vygotsky's theories of learning are based on adult: child relationships and peer:peer interactions, what is the value in learning and advancing development through:
specific and meaningful grasp of what the child is focused on
opportunity for further experience supported by
Amplification
scaffolding as assistance
through the child's perspective
intentional in the strategies and support to assist children in entering the
Zone of Proximal Development
.
Discussion #4 What are the most common metrics that make for an.docxmecklenburgstrelitzh
Discussion #4: What are the most common metrics that make for analytics-ready data?
Exercise #12: Go to data.gov—a U.S. government–sponsored data portal that has a very large number of data sets on a wide variety of topics ranging from healthcare to education, climate to public safety. Pick a topic that you are most passionate about.
Go through the topic-specific information and explanation provided on the site. Explore the possibilities of downloading the data and use your favorite data visualization tool to create your own meaningful information and visualizations.
.
Philippine Edukasyong Pantahanan at Pangkabuhayan (EPP) CurriculumMJDuyan
(𝐓𝐋𝐄 𝟏𝟎𝟎) (𝐋𝐞𝐬𝐬𝐨𝐧 𝟏)-𝐏𝐫𝐞𝐥𝐢𝐦𝐬
𝐃𝐢𝐬𝐜𝐮𝐬𝐬 𝐭𝐡𝐞 𝐄𝐏𝐏 𝐂𝐮𝐫𝐫𝐢𝐜𝐮𝐥𝐮𝐦 𝐢𝐧 𝐭𝐡𝐞 𝐏𝐡𝐢𝐥𝐢𝐩𝐩𝐢𝐧𝐞𝐬:
- Understand the goals and objectives of the Edukasyong Pantahanan at Pangkabuhayan (EPP) curriculum, recognizing its importance in fostering practical life skills and values among students. Students will also be able to identify the key components and subjects covered, such as agriculture, home economics, industrial arts, and information and communication technology.
𝐄𝐱𝐩𝐥𝐚𝐢𝐧 𝐭𝐡𝐞 𝐍𝐚𝐭𝐮𝐫𝐞 𝐚𝐧𝐝 𝐒𝐜𝐨𝐩𝐞 𝐨𝐟 𝐚𝐧 𝐄𝐧𝐭𝐫𝐞𝐩𝐫𝐞𝐧𝐞𝐮𝐫:
-Define entrepreneurship, distinguishing it from general business activities by emphasizing its focus on innovation, risk-taking, and value creation. Students will describe the characteristics and traits of successful entrepreneurs, including their roles and responsibilities, and discuss the broader economic and social impacts of entrepreneurial activities on both local and global scales.
LAND USE LAND COVER AND NDVI OF MIRZAPUR DISTRICT, UPRAHUL
This Dissertation explores the particular circumstances of Mirzapur, a region located in the
core of India. Mirzapur, with its varied terrains and abundant biodiversity, offers an optimal
environment for investigating the changes in vegetation cover dynamics. Our study utilizes
advanced technologies such as GIS (Geographic Information Systems) and Remote sensing to
analyze the transformations that have taken place over the course of a decade.
The complex relationship between human activities and the environment has been the focus
of extensive research and worry. As the global community grapples with swift urbanization,
population expansion, and economic progress, the effects on natural ecosystems are becoming
more evident. A crucial element of this impact is the alteration of vegetation cover, which plays a
significant role in maintaining the ecological equilibrium of our planet.Land serves as the foundation for all human activities and provides the necessary materials for
these activities. As the most crucial natural resource, its utilization by humans results in different
'Land uses,' which are determined by both human activities and the physical characteristics of the
land.
The utilization of land is impacted by human needs and environmental factors. In countries
like India, rapid population growth and the emphasis on extensive resource exploitation can lead
to significant land degradation, adversely affecting the region's land cover.
Therefore, human intervention has significantly influenced land use patterns over many
centuries, evolving its structure over time and space. In the present era, these changes have
accelerated due to factors such as agriculture and urbanization. Information regarding land use and
cover is essential for various planning and management tasks related to the Earth's surface,
providing crucial environmental data for scientific, resource management, policy purposes, and
diverse human activities.
Accurate understanding of land use and cover is imperative for the development planning
of any area. Consequently, a wide range of professionals, including earth system scientists, land
and water managers, and urban planners, are interested in obtaining data on land use and cover
changes, conversion trends, and other related patterns. The spatial dimensions of land use and
cover support policymakers and scientists in making well-informed decisions, as alterations in
these patterns indicate shifts in economic and social conditions. Monitoring such changes with the
help of Advanced technologies like Remote Sensing and Geographic Information Systems is
crucial for coordinated efforts across different administrative levels. Advanced technologies like
Remote Sensing and Geographic Information Systems
9
Changes in vegetation cover refer to variations in the distribution, composition, and overall
structure of plant communities across different temporal and spatial scales. These changes can
occur natural.
Main Java[All of the Base Concepts}.docxadhitya5119
This is part 1 of my Java Learning Journey. This Contains Custom methods, classes, constructors, packages, multithreading , try- catch block, finally block and more.
ISO/IEC 27001, ISO/IEC 42001, and GDPR: Best Practices for Implementation and...PECB
Denis is a dynamic and results-driven Chief Information Officer (CIO) with a distinguished career spanning information systems analysis and technical project management. With a proven track record of spearheading the design and delivery of cutting-edge Information Management solutions, he has consistently elevated business operations, streamlined reporting functions, and maximized process efficiency.
Certified as an ISO/IEC 27001: Information Security Management Systems (ISMS) Lead Implementer, Data Protection Officer, and Cyber Risks Analyst, Denis brings a heightened focus on data security, privacy, and cyber resilience to every endeavor.
His expertise extends across a diverse spectrum of reporting, database, and web development applications, underpinned by an exceptional grasp of data storage and virtualization technologies. His proficiency in application testing, database administration, and data cleansing ensures seamless execution of complex projects.
What sets Denis apart is his comprehensive understanding of Business and Systems Analysis technologies, honed through involvement in all phases of the Software Development Lifecycle (SDLC). From meticulous requirements gathering to precise analysis, innovative design, rigorous development, thorough testing, and successful implementation, he has consistently delivered exceptional results.
Throughout his career, he has taken on multifaceted roles, from leading technical project management teams to owning solutions that drive operational excellence. His conscientious and proactive approach is unwavering, whether he is working independently or collaboratively within a team. His ability to connect with colleagues on a personal level underscores his commitment to fostering a harmonious and productive workplace environment.
Date: May 29, 2024
Tags: Information Security, ISO/IEC 27001, ISO/IEC 42001, Artificial Intelligence, GDPR
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: ISO/IEC 27001 Information Security Management System - EN | PECB
ISO/IEC 42001 Artificial Intelligence Management System - EN | PECB
General Data Protection Regulation (GDPR) - Training Courses - EN | PECB
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
Chapter wise All Notes of First year Basic Civil Engineering.pptxDenish Jangid
Chapter wise All Notes of First year Basic Civil Engineering
Syllabus
Chapter-1
Introduction to objective, scope and outcome the subject
Chapter 2
Introduction: Scope and Specialization of Civil Engineering, Role of civil Engineer in Society, Impact of infrastructural development on economy of country.
Chapter 3
Surveying: Object Principles & Types of Surveying; Site Plans, Plans & Maps; Scales & Unit of different Measurements.
Linear Measurements: Instruments used. Linear Measurement by Tape, Ranging out Survey Lines and overcoming Obstructions; Measurements on sloping ground; Tape corrections, conventional symbols. Angular Measurements: Instruments used; Introduction to Compass Surveying, Bearings and Longitude & Latitude of a Line, Introduction to total station.
Levelling: Instrument used Object of levelling, Methods of levelling in brief, and Contour maps.
Chapter 4
Buildings: Selection of site for Buildings, Layout of Building Plan, Types of buildings, Plinth area, carpet area, floor space index, Introduction to building byelaws, concept of sun light & ventilation. Components of Buildings & their functions, Basic concept of R.C.C., Introduction to types of foundation
Chapter 5
Transportation: Introduction to Transportation Engineering; Traffic and Road Safety: Types and Characteristics of Various Modes of Transportation; Various Road Traffic Signs, Causes of Accidents and Road Safety Measures.
Chapter 6
Environmental Engineering: Environmental Pollution, Environmental Acts and Regulations, Functional Concepts of Ecology, Basics of Species, Biodiversity, Ecosystem, Hydrological Cycle; Chemical Cycles: Carbon, Nitrogen & Phosphorus; Energy Flow in Ecosystems.
Water Pollution: Water Quality standards, Introduction to Treatment & Disposal of Waste Water. Reuse and Saving of Water, Rain Water Harvesting. Solid Waste Management: Classification of Solid Waste, Collection, Transportation and Disposal of Solid. Recycling of Solid Waste: Energy Recovery, Sanitary Landfill, On-Site Sanitation. Air & Noise Pollution: Primary and Secondary air pollutants, Harmful effects of Air Pollution, Control of Air Pollution. . Noise Pollution Harmful Effects of noise pollution, control of noise pollution, Global warming & Climate Change, Ozone depletion, Greenhouse effect
Text Books:
1. Palancharmy, Basic Civil Engineering, McGraw Hill publishers.
2. Satheesh Gopi, Basic Civil Engineering, Pearson Publishers.
3. Ketki Rangwala Dalal, Essentials of Civil Engineering, Charotar Publishing House.
4. BCP, Surveying volume 1
Walmart Business+ and Spark Good for Nonprofits.pdfTechSoup
"Learn about all the ways Walmart supports nonprofit organizations.
You will hear from Liz Willett, the Head of Nonprofits, and hear about what Walmart is doing to help nonprofits, including Walmart Business and Spark Good. Walmart Business+ is a new offer for nonprofits that offers discounts and also streamlines nonprofits order and expense tracking, saving time and money.
The webinar may also give some examples on how nonprofits can best leverage Walmart Business+.
The event will cover the following::
Walmart Business + (https://business.walmart.com/plus) is a new shopping experience for nonprofits, schools, and local business customers that connects an exclusive online shopping experience to stores. Benefits include free delivery and shipping, a 'Spend Analytics” feature, special discounts, deals and tax-exempt shopping.
Special TechSoup offer for a free 180 days membership, and up to $150 in discounts on eligible orders.
Spark Good (walmart.com/sparkgood) is a charitable platform that enables nonprofits to receive donations directly from customers and associates.
Answers about how you can do more with Walmart!"
Pengantar Penggunaan Flutter - Dart programming language1.pptx
Extending Role-based Access Control for Business UsageHeik.docx
Extending Role-based Access Control for Business Usage
Heiko Klarl1, 2, Korbinian Molitorisz3, Christian Emig1, 3,
Karsten Klinger1 and Sebastian Abeck3
1iC Consult GmbH, Keltenring 14, 82041 Oberhaching,
Germany
2Media Computing, University of Regensburg, Germany
3Cooperation & Management, University of Karlsruhe (TH),
Germany
Abstract
Role-based access control (RBAC) is used for managing
authorisation in IT systems, by utilising the concept of
roles. Existing approaches do not clearly define the term
“role” in its different contexts as well as not considering
the relation between roles and business process modelling.
Therefore this work introduces business and system role-
based access control (B&S-RBAC). Established role-based
access control models are extended with a business per-
spective and the term role is defined from a business and
from an IT perspective, resulting in business and system
roles. The relation between them is shown in a meta-model
and the usage of business roles for secure business process
modelling is explained.
Keywords: RBAC, Roles, Business Process Modelling,
Identity Management, Access Control, Business-IT Align-
ment.
1 Introduction
Nowadays nearly every business process is extensively
supported by IT systems. Globalisation and hard compe-
tition led to short reaction times in adapting business pro-
cesses and mergers and acquisitions are still challenges for
every enterprise. Due to these conditions, demands for the
companies’ IT systems, business processes and their secu-
rity architecture arise [10]. Business process modelling [17]
tries to cope with those needs, as modelled business processes
are easier to understand and to redesign, and executable
code can be generated by model-driven techniques.
As not everyone is allowed to execute particular business
processes, identity management (IdM) ensures that only au-
thorised persons may do so. In order to achieve this, role in-
formation can be assigned to activities within the business
process. In order to accomplish authorisation of the busi-
ness processes’ activities within the supporting IT systems,
role-based access control (RBAC) may be used. But differ-
ent views and definitions of “roles” complicate the RBAC
approach enormously. Within the business process, information
on roles consists of job functions or business tasks,
and roles are often more or less just descriptive information.
In contrast, RBAC roles within IT systems encapsulate permissions
but often do not have any relation to the business
perspective of roles. Generally, the term role used in RBAC
does not distinguish between business and IT. In order to
unify these two different concepts of roles, an error-prone
coordination process between business and IT departments
arises [2] when business-focused roles have to be transferred
to the technology-focused RBAC roles. A first step
to overcome this weakness is to extend existing business
and IT role models and to link them in a comprehensive
way in order to gain a direct relation between business and
IT.
EVA-STAR (Elektronisches Volltextarchiv – Scientific Articles
Repository)
http://digbib.ubka.uni-karlsruhe.de/volltexte/1000012013
2 Background and related work
2.1 Identity management and business
process modelling
The importance of business process models became
obvious with the idea of business process reengineering
[4] in the 1990s and with the development of the service-
oriented architecture paradigm [11]. The nearly arbitrary
combination of single sub-processes or loosely coupled
services to business processes in the sense of service-orientation
is only possible on the basis of meaningful and
executable models. This enables enterprises to cope with
market challenges and new business regulations in a flexi-
ble and agile way. The focus lies on the optimal support of
the business process whereas the IT plays a supporting role
in the background. The modelling of business processes
can be done using different notations like Event-driven Pro-
cess Chains (EPC) [6], the Business Process Modeling No-
tation (BPMN) [12] or the behaviour diagrams of the Uni-
fied Modeling Language (UML) [13]. The concept of roles
is not unknown in business process modelling (BPM) (cf.
[16, 17]). Roles are assigned to activities “indicating that all
members of the role are capable of performing the respec-
tive activity instances” [17]. For example, BPMN supports
a role concept utilising so-called lanes, which “are often
used for such things as internal roles (e.g., Manager, As-
sociate)” [12]. As the meaning of lanes is not defined and
up to the modeller [12], the modelling of roles in business
processes is often more or less descriptive information.
From an IdM perspective, these types of role information
can also be used to derive requirements for restricting
access to activities. Therefore we introduced in [9] a
meta-model for modelling access control requirements at
the business process level, using business roles to describe
the acting subject. The meta-model combines the busi-
ness process model and its IdM requirements in one model.
This enables the business department to define its own or
compliance-driven IdM requirements, using their specific
domain knowledge in business process modelling. With the
help of a model-driven development process these models
are transformed to product specific access control policies.
But as the roles in BPM often have just a descriptive nature,
e.g. names of job functions or business tasks, it is not easy
to find out which IT systems’ authorisation is related to the
assigned role in the business process models. This missing
definition of the role concept and its IT relation hinders the
usage of a full model-driven generation of access control
policies out of a business process.
2.2 Role-based access control models
Much research has been done on role-based access con-
trol since the 1990s. The basic idea that “users are assigned
to roles, permissions are assigned to roles, and users acquire
permissions by being members of roles” [3] of the proposed
concepts was the same, but diversity existed in the details.
This diversity enormously complicated the usage of RBAC
approaches, as each implementation was based on a slightly
different concept. To overcome this weakness Ferraiolo et
al. proposed the NIST standard for role-based access con-
trol (NIST RBAC) [3] containing the “fundamental and sta-
ble set of mechanisms” [3] of RBAC. NIST RBAC includes
hierarchy concepts “whereby senior roles acquire the per-
mission of their juniors, and junior roles acquire the user
membership of their seniors” [3]. Static and dynamic separation
of duties (SoD) ensures that roles leading to a conflict
of interests either may not be assigned to the same user or
may not be used together within
the same user session.
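The NIST RBAC mechanisms described above (role hierarchy, static and dynamic SoD) can be made concrete in a short model. This is an added example, not part of the original paper; the role names, permissions and constraint pairs are constructed, and applying the SoD checks to inherited roles as well is a choice of this example.

```python
class RBACError(Exception):
    """An assignment or session activation violates the policy."""


class RBAC:
    def __init__(self):
        self.perms = {}     # role -> permissions assigned directly to it
        self.juniors = {}   # senior role -> its direct junior roles
        self.assigned = {}  # user -> roles assigned directly
        self.ssd = []       # static SoD: role pairs one user may never hold
        self.dsd = []       # dynamic SoD: role pairs never active together

    def add_role(self, role, perms, juniors=()):
        self.perms[role] = set(perms)
        self.juniors[role] = set(juniors)

    def closure(self, roles):
        """The given roles plus every role junior to them, transitively."""
        seen, stack = set(), list(roles)
        while stack:
            role = stack.pop()
            if role not in self.perms:
                raise RBACError(f"unknown role: {role}")
            if role not in seen:
                seen.add(role)
                stack.extend(self.juniors[role])
        return seen

    def authorized_roles(self, user):
        """Junior roles acquire the user membership of their seniors."""
        return self.closure(self.assigned.get(user, set()))

    @staticmethod
    def _clash(pairs, roles):
        return next(((a, b) for a, b in pairs if a in roles and b in roles), None)

    def assign(self, user, role):
        """Assign a role unless the result would violate static SoD."""
        candidate = self.assigned.get(user, set()) | {role}
        clash = self._clash(self.ssd, self.closure(candidate))
        if clash:
            raise RBACError(f"static SoD: {user} may not hold {clash}")
        self.assigned[user] = candidate

    def open_session(self, user, active):
        """Return the permissions of a session with the given active roles."""
        active = set(active)
        missing = active - self.authorized_roles(user)
        if missing:
            raise RBACError(f"{user} is not a member of {sorted(missing)}")
        activated = self.closure(active)  # seniors acquire juniors' permissions
        clash = self._clash(self.dsd, activated)
        if clash:
            raise RBACError(f"dynamic SoD: {clash} in one session")
        return set().union(*(self.perms[r] for r in activated))


def denied(action, *args):
    """True if the policy rejects the call."""
    try:
        action(*args)
    except RBACError:
        return True
    return False


def build_example():
    """Constructed policy: two payment roles above 'clerk', plus an auditor."""
    rbac = RBAC()
    rbac.add_role("clerk", {"account.read"})
    rbac.add_role("payment_entry", {"payment.enter"}, juniors={"clerk"})
    rbac.add_role("payment_approval", {"payment.approve"}, juniors={"clerk"})
    rbac.add_role("auditor", {"audit.read"})
    rbac.ssd.append(("payment_approval", "auditor"))        # never the same user
    rbac.dsd.append(("payment_entry", "payment_approval"))  # never one session
    rbac.assign("alice", "payment_entry")
    rbac.assign("alice", "payment_approval")
    return rbac


if __name__ == "__main__":
    rbac = build_example()
    print(sorted(rbac.open_session("alice", {"payment_entry"})))
    print(denied(rbac.open_session, "alice", {"payment_entry", "payment_approval"}))
    print(denied(rbac.assign, "alice", "auditor"))
```

Static SoD is enforced at assignment time and dynamic SoD at session activation, so alice may hold both payment roles but can never exercise them in one session.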
The main shortcoming of NIST RBAC is the missing definition
of the term role. Depending on the perspective, the term
role is interpreted with different meanings. From a busi-
ness perspective, a role reflects job functions and business
tasks (cf. 2.1), e.g. clerk or loan officer. It is expected that
the role clerk contains all permissions for serving a customer
at the cashier’s desk, regardless of the IT system required
for fulfilling this task. These IT systems may, e.g.,
comprise a credit system and a banking system. From the
IT perspective a role may be seen as a bundle of the sys-
tem’s permissions reflecting a certain task which can be ac-
complished in this system, e.g. ‘scoring management’ or
‘securities management’. These roles contain only the per-
missions of the respective system, e.g. the banking system.
Comparing the business and IT perspective, the scope of
the role is totally different: one point of view contains in-
formation about roles across systems, the other only from
a certain IT system. As NIST RBAC has no definition of
the term role, communication problems between business
and IT will arise. There is a need to define the term role from both
perspectives, including their relation to each other.
Kern et al. presented ERBAC in [8] which tries to over-
come the described weakness of RBAC. They define the
term role explicitly as enterprise role consisting “of permis-
sions in one or more target systems” [8], where permissions
“are specific to the target system and can be of various na-
tures” [8]. With the term enterprise role they established a
definition of role in order to have a clear understanding in the enterprise.
With the overarching concept of enterprise roles they
took into account that for one job function, support from one
or more IT systems could be necessary. But the approach
has the disadvantage that very technological and IT-focused
permissions of any kind, which may comprise roles, groups,
policies or system permissions, are directly combined with
job profiles in its definitions as enterprise roles. The ad-
vantage of role concepts to encapsulate permissions of an
IT system used for doing a certain task is not considered
anymore, thereby neglecting the basic idea of RBAC. En-
terprise roles containing the authorisation for executing the
same business tasks will include the same bundles of per-
missions. This is redundant and should be avoided by the
abstraction of system specific roles.
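The redundancy criticised above can be shown by comparing enterprise roles that bundle target-system permissions directly with business roles that reference system roles. This is an added example, not code from the paper or from ERBAC; the permission names, the system roles other than 'scoring management', and the placement of roles in the credit and banking systems are assumptions.

```python
from itertools import combinations
from typing import NamedTuple


class SystemRole(NamedTuple):
    system: str             # the one IT system this role belongs to
    permissions: frozenset  # permission names local to that system


# ERBAC-style: each enterprise role lists (system, permission) pairs directly.
# Constructed sample data.
ENTERPRISE_ROLES = {
    "clerk": {("banking", "account.read"), ("banking", "cash.deposit"),
              ("banking", "cash.withdraw"), ("credit", "score.read")},
    "loan_officer": {("banking", "account.read"), ("credit", "score.read"),
                     ("credit", "score.calculate"), ("credit", "loan.approve")},
}

# Abstraction through system roles: permissions are bundled once per system,
# business roles only reference the bundles. Constructed sample data.
SYSTEM_ROLES = {
    "account_viewing": SystemRole("banking", frozenset({"account.read"})),
    "cashier_service": SystemRole("banking", frozenset({"cash.deposit", "cash.withdraw"})),
    "scoring_lookup": SystemRole("credit", frozenset({"score.read"})),
    "scoring_management": SystemRole("credit", frozenset({"score.read", "score.calculate"})),
    "loan_approval": SystemRole("credit", frozenset({"loan.approve"})),
}
BUSINESS_ROLES = {
    "clerk": {"account_viewing", "cashier_service", "scoring_lookup"},
    "loan_officer": {"account_viewing", "scoring_management", "loan_approval"},
}


def by_system(pairs):
    """Group (system, permission) pairs into {system: {permissions}}."""
    grouped = {}
    for system, perm in pairs:
        grouped.setdefault(system, set()).add(perm)
    return grouped


def duplicated_bundles(enterprise_roles):
    """Permissions that two enterprise roles each list on their own."""
    duplicates = {}
    for a, b in combinations(sorted(enterprise_roles), 2):
        shared = by_system(enterprise_roles[a] & enterprise_roles[b])
        if shared:
            duplicates[(a, b)] = shared
    return duplicates


def dangling_references(business_roles, system_roles):
    """Business roles pointing at system roles that no IT system defines."""
    return sorted((br, sr) for br, refs in business_roles.items()
                  for sr in refs if sr not in system_roles)


def effective_permissions(business_role, business_roles, system_roles):
    """Resolve a business role to (system, permission) pairs across systems."""
    pairs = set()
    for name in business_roles[business_role]:
        role = system_roles[name]
        pairs |= {(role.system, perm) for perm in role.permissions}
    return pairs


def business_roles_using(system_role, business_roles):
    """Business roles affected when one system role's permissions change."""
    return sorted(br for br, refs in business_roles.items() if system_role in refs)


if __name__ == "__main__":
    print(duplicated_bundles(ENTERPRISE_ROLES))
    print(by_system(effective_permissions("clerk", BUSINESS_ROLES, SYSTEM_ROLES)))
    print(business_roles_using("account_viewing", BUSINESS_ROLES))
```

Both models grant the same effective permissions; the difference is that a change to account viewing is made once in the system role and reaches every business role that references it.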
In [18] Wortmann presented a method for enterprise-
wide authorisation. He proposed a model which is based
on ERBAC and which is divided into a three-layer architecture.
The first layer represents decentralised authorisation
components, whereas the second layer stands for the system
overarching authorisation component. The third layer is not
explained but seems to be a human-centric virtual construct
for reflecting the business side. On the first layer he introduced
the term resource, representing a system-specific bundle of
permissions, which could be seen as a system role. The term
role, an element of the second layer, reflects the concept of
ERBAC’s enterprise roles which bundle resources across
different systems. On the third layer process roles are intro-
duced, being the organisational bundle of roles needed for
processing tasks or activities. In this meta-model the rela-
tion from process roles to business process modelling is not
explained, although the name indicates such a relation and
it is not argued which benefits are gained by the use of process
roles. Basically the third layer seems to be more or less
an indirection which should ease understanding by making
a reference to the business perspective, which is not worked
out in detail. Wortmann refines the idea of ERBAC in that
resource and enterprise roles reflect the concept of system
and business roles. But the work lacks a defined relation
between roles and business process modelling.
Approaches like team-based access control (TMAC)
[15] or organisation-based access control (ORBAC) [5] do
not define concepts like business roles and are therefore not
discussed in detail.
2.3 Summary
In summary there is a lack of a definition of the role concept
that fits the reality of present or modern enterprises, align-
ing the business and the IT world in a holistic role model.
Either there is a total lack of definition of the term role [3]
or the idea behind business roles is identified [8] but es-
tablished RBAC concepts on the IT systems’ side are ig-
nored. Both gaps were avoided in [18] but the relation of
the role model to business process modelling is just indi-
cated and not worked out. Whereas business focused roles
(cf. 2.1) cover the business domain well, they often do not
have any relation to roles defined in the IT domain on the
basis of RBAC models (cf. 2.2). Several problems arise
when this relation between business and IT is not consid-
ered: The business side is not able to make real use of its
domain-specific knowledge in the handling of roles in busi-
ness process modelling, as its role definitions have no rela-
tion to those roles defined in a certain IT system. The IT
side is not able to achieve a holistic view on which roles
from an IT system are needed for representing a role definition
from a business point of view – often resulting in too
few or far too many privileges assigned to users. Those role
models which do not consider the coherence between the business
and the IT side might have been adequate in the 1990s,
when IT support for business processes was just beginning,
but they definitely do not cope with present demands
evolving from business process management [17], service-oriented
architecture [11] and compliance requirements [1].
3 A role model for business and IT
In order to cope with this situation, existing RBAC models
have to be enriched with an explicit role definition for
the business as well as for the IT side. Therefore we introduce
business and system role-based access control (B&S-RBAC), a
role model containing business roles, which represent job
profiles and business tasks from the business perspective,
and system roles, which bundle different types of permissions
in IT systems. The following sections describe
both terms and give an overview of the B&S-RBAC meta-model.
3.1 Business roles and business process modelling
Common business terms reflecting an organisational order
are business tasks and job profiles. A business task is
an activity which is performed regularly in daily business,
e.g. billing or transferring wages. Job profiles are organisational
classifications, grouping employees with the same
skills and responsibilities, e.g. clerk, manager or software
developer. Whereas business tasks and job profiles are pure
business concepts, the idea of business roles should lay the
foundation for a relation to the enterprise's IT. Therefore we
define business roles as follows:
• Business roles represent business tasks or job profiles
within an enterprise.
• An employee is assigned one or more business roles.
• Business roles are not specific for one IT system, they
are an enterprise-wide concept.
• Business roles have a relation to system roles (cf. 3.2)
reflecting all IT systems involved in acting on behalf
of a business role.
As one or more business roles can be assigned to an em-
ployee, the total amount of the employee’s business roles
determines what he is allowed to do. Some business roles
may not be assigned together as they would conflict with
separation of duties (SoD) concepts, e.g. approving and
disbursing a credit application.
With a well-defined concept of business roles which are
no longer only descriptions, the business department is able
to model business processes with role-based access control.
Having a role model like B&S-RBAC distinguishing be-
tween business and system roles, the business department
has a set of business roles which can be assigned to activ-
ities, stating which role is allowed to execute them. The
selection and application of business roles can be supported
by tools for BPM. Without B&S-RBAC the business de-
partment had to know which kind of role from an IT sys-
tem (within B&S-RBAC called system role, cf. 3.2) has
to be assigned or it just used undefined and descriptive job
profiles (cf. 2.1). Obviously, this is complicated
and error-prone. B&S-RBAC's business roles abstract this
completely, as they represent all capabilities necessary
for performing a certain business task without lacking
a relation to the underlying IT systems.
3.2 System roles
For performing a certain action in an IT system, a per-
mission is needed. A permission grants an operation on an
object and is assigned to a subject, normally a user or another
interacting IT system. As an IT system comprises
a huge number of operations and objects, it is difficult to
handle single permissions assigned to subjects, as a subject
has steadily changing permissions over time. Therefore we
introduce system roles, encapsulating permissions from an
IT system, which leads to an abstraction of the permission
levels’ technological details and to a reduction of complex-
ity. This complies with the classical RBAC approaches pro-
posed in [3, 14] but extends them by defining the term role.
Summing up, we define system roles as follows:
• System roles encapsulate permissions for doing related
tasks within one single IT system.
• System roles are assigned to business roles and not di-
rectly to users.
• System roles are organised according to known RBAC
concepts like NIST RBAC [3].
A typical example is a system role named securities
management from a banking system, which e.g. includes
permissions like record securities or edit securities for
administering securities from a loan applicant. With the
increasing complexity of IT systems, the number of system
roles is exploding tremendously. For example, an application
in the banking domain can have some hundred system
roles, and several applications exist. Putting this in the big
picture of an enterprise's application landscape, sometimes
with several hundreds of applications, several thousands of
system roles exist. Obviously, this huge number of
system roles is difficult to manage and, more importantly,
cannot be understood by the business domain, so that business
roles encapsulating system roles are a possibility to abstract
this complexity.
Figure 1. The B&S-RBAC meta-model (business perspective: User,
Business Role, Business Role Policy, Business Process; IT
perspective: System Role, System Role Policy; relations: User
Assignment, Policy Assignment, Role Mapping, uses)
3.3 The B&S-RBAC meta-model
Considering the analysis of business and system roles
and state of the art role-based access control concepts, two
main problems can be identified: On the IT side a huge
amount of system roles exists. Their strong IT focus de-
couples them from the business domain and their number
makes their administration very complicated and complex.
On the business side roles are used to represent busi-
ness tasks but they lack a relation to the IT systems’ roles.
To overcome these problems, B&S-RBAC allows a holistic
view on roles defined in an enterprise environment. To unify
the business and the IT world, business roles and system
roles have a role mapping relation, depicted in the meta-
model in Figure 1. The connection between both enables
the usage of business roles and system roles each in its original
domain. The business side uses business roles as a
description for job profiles without need for technological
knowledge of the underlying IT systems. The IT side uses
the system roles but knows the business context through the
mapping to the overarching business role.
The left part in Figure 1 shows the business-focused part
of B&S-RBAC. The user has one or more business roles as-
signed. Business roles are used in business processes to de-
scribe business role owners who are allowed and responsi-
ble for performing an activity. To each business role a busi-
ness role policy is connected, defining its authorisations at a
business level and reflecting its distinction for certain busi-
ness tasks. Business roles may be structured in hierarchies
to allow inheritance, but this is out of the paper's scope.
The IT-focused part on the right side shows the system
role and its assignment to system role policies, abstracting
the IT systems’ permissions. That means, system role poli-
cies contain the information what a system role is allowed
to do within an IT system. In order to structure the IT sys-
tems’ permissions and roles, known RBAC concepts (cf.
[3, 7, 14]) can be utilised for supporting the building of
hierarchies including role-inheritance, generic roles, joker
permissions, user-based attributes and constraints or sepa-
ration of duties (SoD). As these technological aspects of
RBAC models are out of the paper’s scope, we will not ad-
dress these concepts in detail.
Both parts are connected by the role mapping between
business roles and system roles. Each business role is re-
lated to one or more system roles, connecting the business
and the IT world together. This is the only connection between
the business and the IT perspective; more connections
would mix up B&S-RBAC's paradigm of a clear definition
and separation of business and IT roles.
4 Applying B&S-RBAC in the banking domain
In the banking domain role concepts are very important
to ensure a separation of duties and to be compliant with
laws and regulations like Basel II or the Sarbanes-Oxley
Act (SOX) [1]. In this section we apply the B&S-RBAC concept
to the roles involved when a loan application has to
be checked and approved. Three people with different job
profiles are involved in this process. Alice is the contact
person for the customer; she creates the file necessary for
the loan application and ensures that all required data are
collected. To obtain more knowledge about the creditworthiness
of the customer, she may use a scoring service.
Bob works in the back office and prepares and approves the
loan application. He is able to view and record the securities
provided by the customer, may use the scoring service and
will create the loan contract and the loan account. Finally
Bob values the loan. Chris, the third person involved, is
Bob’s supervisor with extended permissions. He may value
loans exceeding the limit of his subordinates. For perform-
ing the loan application process, three different IT systems
are used, each system with its own organisation and admin-
istration of roles and permissions.
The traditional role assignment is depicted in Figure 2.
The users are assigned to roles (white boxes within the grey
boxes) in different IT systems (grey boxes). Each user has
various assignments to the IT systems. Many assignments
are redundant information – Bob differs just in two assigned
roles from Chris. It can easily be seen that these assignments
are very complex and difficult to maintain. This point
is where B&S-RBAC comes into play. The relation between
identities and roles in the IT systems is analysed with the
help of a so-called role-mining process. The outcome of this
analysis is the introduction of business roles and the reorganisation
of roles for reducing complexity, which is shown
in Figure 3. First of all, four business roles can be identified:
clerk, employee, loan officer and senior loan officer, which
aggregate the already known system roles. For example, the
business role employee encapsulates system roles which are
used by every employee in this scenario. It is not necessary
to assign each employee his basic system roles directly; it
is much more logical to combine a set of them in a business
role. The business role is then assigned to the identity.
Compared with the situation described in Figure 2, the relation
between identities and roles is clearer.
Figure 2. Traditional role assignment (business perspective: the
users Alice, Bob and Chris; IT perspective: system roles, among
them Scoring Mgmt., in IT systems such as the Credit System)
The decoupling of system roles and identities by the
business role layer enables changes in the IT system without
effects on the employees. The assignment of system roles
to business roles may change, e.g. new system roles may
be added and obsolete ones may be removed without any
influence on the relation between business roles and iden-
tities. This saves a tremendous amount of work and over-
head, considering that in the traditional role assignment ev-
ery change of a system role has effects on the identities,
leading to hundreds or thousands of alterations in the role
assignment when common system roles are changing.
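The meta-model of section 3.3 applied to the banking scenario, as an added Python example that is not code from the paper. The IT system names, the contents of the system roles, the assignment of Alice, Bob and Chris to business roles and the SoD pair are constructed assumptions, since the paper's Figures 2 and 3 are not reproduced here.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class SystemRole:
    system: str              # a system role belongs to one single IT system
    name: str
    permissions: frozenset   # operations on objects within that system

@dataclass
class BSRbac:
    role_mapping: dict = field(default_factory=dict)     # business role -> {SystemRole}
    user_assignment: dict = field(default_factory=dict)  # user -> {business role}
    sod: set = field(default_factory=set)                # conflicting business-role pairs

    def map_role(self, business_role, *system_roles):
        if not system_roles:
            raise ValueError("a business role maps to one or more system roles")
        self.role_mapping.setdefault(business_role, set()).update(system_roles)

    def assign(self, user, business_role):  # users receive business roles only
        if business_role not in self.role_mapping:
            raise KeyError(f"unknown business role: {business_role}")
        held = self.user_assignment.setdefault(user, set())
        for other in held:
            if frozenset((other, business_role)) in self.sod:
                raise PermissionError(f"SoD conflict: {other} / {business_role}")
        held.add(business_role)

    def permissions(self, user):  # effective (system, permission) pairs via the mapping
        return {(sr.system, p) for br in self.user_assignment.get(user, ())
                for sr in self.role_mapping[br] for p in sr.permissions}

def system_role(system, name, *perms):
    return SystemRole(system, name, frozenset(perms))

def build_bank():
    # Constructed sample data: system names, role contents and the SoD pair are assumptions.
    basic = system_role("credit system", "basic access", "view loan application")
    scoring = system_role("scoring system", "scoring management", "use scoring service")
    securities = system_role("banking system", "securities management",
                             "record securities", "edit securities")
    value = system_role("credit system", "loan valuation", "value loan")
    value_ext = system_role("credit system", "extended valuation", "value loan above limit")
    m = BSRbac()
    m.map_role("employee", basic)
    m.map_role("clerk", scoring)
    m.map_role("loan officer", scoring, securities, value)
    m.map_role("senior loan officer", scoring, securities, value, value_ext)
    m.sod.add(frozenset(("clerk", "loan officer")))
    for user, role in (("Alice", "clerk"), ("Bob", "loan officer"),
                       ("Chris", "senior loan officer")):
        m.assign(user, "employee")
        m.assign(user, role)
    return m
```

Mapping a further system role to `employee` with `map_role` changes the effective permissions of all three users while `user_assignment` stays untouched, which is the decoupling described above.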
5 Conclusion and further work
In this paper we proposed B&S-RBAC, a model for business-focused
role-based access control which overcomes the
weakness of existing business role definitions and RBAC
models. We have defined business and system roles and
their relation to each other. Business roles represent job
profiles and business tasks within an enterprise and are directly
assigned to users. System roles encapsulate permissions
of certain IT systems and are only assigned to business
roles. Within IT systems they may be organised according
to known RBAC concepts. Although there has been
much research on role-based access control in the past, this
explicit definition was still missing. The concept of B&S-RBAC
allows the usage of business roles in the modelling
of secure business processes [9]. This is novel, as information
on roles and owners of activities and tasks was often
of a descriptive nature without an underlying concept or a
relation to the supporting IT systems.
Future work will be done on the integration of business
roles in secure business process modelling and the genera-
tion of security policies with the help of model-driven tech-
niques. In the area of compliance the dichotomy of business
and system roles motivates additional research on separa-
tion of duties and the roles’ life cycle.
References
[1] M. Burling. The key to compliance. Database-and-
Network-Journal, 35(3):17–18, 2005.
[2] S. Cormack, A. Cater-Steel, J. H. Nord, and G. D. Nord.
Resolving the troubled it-business relationship from a cul-
tural perspective. In Proceedings of the 12th Australasian
Conference on Information Systems, Coffs Harbour, NSW,
Australia, Dec. 2001.
[3] D. F. Ferraiolo, R. Sandhu, S. Gavrila, D. R. Kuhn, and
R. Chandramouli. Proposed NIST standard for role-based
access control. ACM Transactions on Information and Sys-
tem Security, 4(3):224–274, Aug. 2001.
[4] M. Hammer. Reengineering work: don’t automate, obliterate.
Harvard Business Review, 68(4):104–112, 1990.
[5] A. A. E. Kalam, S. Benferhat, A. Miège, R. E. Baida, F. Cuppens,
C. Saurel, P. Balbiani, Y. Deswarte, and G. Trouessin.
Organization based access control. In Proceedings of the
4th IEEE International Workshop on Policies for Distributed
Systems and Networks, pages 120–131, June 2003.
[6] G. Keller, M. Nüttgens, and A.-W. Scheer. Semantische
Prozessmodellierung auf der Grundlage Ereignisgesteuerter
Prozessketten (EPK), volume 89. Universität des Saarlan-
des, Jan. 1992.
[7] A. Kern. Advanced features for enterprise-wide role-based
access control. In Proceedings of the 18th Annual Computer
Security Applications Conference. IEEE Computer Society,
2002.
[8] A. Kern, M. Kuhlmann, A. Schaad, and J. Moffett. Ob-
servations on the role life-cycle in the context of enterprise
security management. In Proceedings of the 7th ACM Sym-
posium on Access Control Models and Technologies, pages
43–51. ACM, 2002.
[9] H. Klarl, C. Wolff, and C. Emig. Identity management in
business process modelling: A model-driven approach. In
9. Internationale Tagung Wirtschaftsinformatik – Business
Services: Konzepte, Technologien, Anwendungen, Band 1,
pages 161–170, Vienna, Austria, Feb. 2009. Österreichische
Computer Gesellschaft.
[10] T. Neubauer, M. Klemen, and S. Biffl. Secure business process
management: A roadmap. In Proceedings of the 1st
International Conference on Availability, Reliability and Security,
pages 457–464. IEEE Computer Society, Apr. 2006.
[11] E. Newcomer and G. Lomow. Understanding SOA with Web
Services. Addison-Wesley, 2005.
[12] Object Management Group, Inc. Business Process
Modeling Notation (BPMN) Specification.
http://www.bpmn.org/Documents/OMGFinalAdoptedBPMN1-0Spec06-02-01.pdf,
Feb. 2006.
[13] Object Management Group, Inc. Unified modeling language:
Infrastructure – version 2.1.1.
http://www.omg.org/docs/formal/07-02-06.pdf, Feb. 2007.
[14] R. S. Sandhu, E. J. Coyne, H. L. Feinstein, and C. E.
Youman. Role-based access control models. IEEE Computer,
29(2):38–47, Feb. 1996.
[15] R. K. Thomas. Team-based access control (TMAC): a primitive
for applying role-based access controls in collaborative
environments. In Proceedings of the second ACM workshop
on Role-based access control, pages 13–19, New York, NY,
USA, 1997. ACM.
[16] W. van der Aalst and K. van Hee. Workflow Management
– Models, Methods, and Systems. MIT Press, 1. MIT Press
paperback edition, 2004.
[17] M. Weske. Business Process Management – Concepts, Lan-
guages, Architectures. Springer, 2007.
[18] F. Wortmann. Entwicklung einer Methode für die un-
ternehmensweite Autorisierung. PhD thesis, Universität St.