Administration of access control in information systems using URBAC model

Abstract

Since the value of information is constantly growing more and more businesses are in need for information system to aid them with information gathering and processing. The most important issue that arises here is how to ensure safety of this data that may be held on servers, personal computers or PDAs. This is where access control comes in. The main role of access control is to ensure that no unauthorized user will be able to gain access to resources and be able to copy or modify them. The paper deals with the process of access control administration in information systems with the use of usage role-based control approach. The presented process is based on the role engineering concept that includes the creation of security schema of access control divided between two actors - application/system developer and security administrator. They realize their tasks during two main phases that allow to define the complete access control schema for information systems of an organization.