Access Control for Monitoring System-Spanning Business Processes

Integrated process support is highly desirable in environ-
ments where data related to a particular (business) process are scattered over distributed and heterogeneous information systems (IS). A process monitoring component is a much-needed module in order to provide an integrated view on all these process data. Regarding process data integration, access control (AC) issues are very important but also quite
complex to be addressed. A major problem arises from the fact that the involved IS are usually based on heterogeneous AC components. For several reasons, the only feasible way to tackle the problem of AC at the process monitoring level is to define access rights for the process monitoring component, hence getting rid of the burden to map access rights from the IS level. In this paper, we propose a set of requirements for AC in process monitoring, which we derived from our case studies in the automotive domain. We then present alternative approaches for AC:the view-based approach and the object-based approach. The latter is re- tained, and a core AC model is proposed for the definition of access rights that meet the derived requirements. AC mechanisms provided within the core model are key ingredients for the definition of model extensions.