Comprehensive Life Cycle Support for Access Rules in Information Systems: The CEOSIS Project

The definition and management of access rules (e.g., to control access to business documents and business functions) is a fundamental task in any enterprise
information system (EIS). While there exists considerable work on how to specify and represent access rules, only little research has been spent on access rule changes. Examples include the evolution of organizational models with need for subsequent adaptation of related access rules as well as direct access rule modifications (e.g., to state a previously defined rule more precisely). This paper
presents a comprehensive change framework for the controlled evolution of role-based access rules in EIS. First, we consider changes of organizational models and elaborate how they affect existing access rules. Second, we define change operations which enable direct adaptations of access rules. In the latter context, we define the formal semantics of access rule changes based on operator
trees. Particularly, this enables their unambiguous application; i.e., we can precisely determine which effects are caused by respective rule changes. This is
important, for example, to be able to efficiently and correctly adapt user worklists in process-aware information systems. Altogether this paper contributes to comprehensive life cycle support for access rules in (adaptive) EIS.