Workflow systems are often associated with business process re‐engineering (BPR). This paper argues that the functional access control requirements in workflow systems are rooted in the scope of a BPR project. A framework for access control in workflow systems is developed. The framework suggests that existing role‐based access control mechanisms can be used as a foundation in workflow systems. The framework separates the administration‐time and the run‐time aspects. Key areas that must be investigated to meet the functional requirements imposed by workflow systems on access control services are identified.
Background: The urgency to enforce the Protection of Personal Information (POPI) Act is building up within South Africa, triggered by the appointment of the Information Regulator for POPI on 01 December 2016. However, for data management practitioners, the absence of a practical guideline on how to legally process personal information of employees, customers or other juristic persons in line with the POPI Act poses a day-to-day technical challenge, especially for those embarking on a maiden journey to comply with the POPI Act. Objectives: The objective of this article is to explore and analyse the unique perspectives of data management professionals who are vested with the responsibility of driving the successful enforcement of the POPI Act within their respective organisations, with the end goal of formulating a practical guideline for the enforcement of the POPI Act. Method: To achieve the objectives of this research article, semi-structured interviews were conducted with a purposive, convenience sample of 16 data management professionals within companies in South Africa. A recording of their views was obtained through one-on-one interviews and a group interview. Results: From the semi-structured interviews, group interview and response to the questions, several findings and learnings were elicited. Zooming into these findings showed close similarities in the actions taken by data management professionals operating in a similar industry. Based on these results, a high-level sequence of steps on how to enforce the POPI Act was formulated. Conclusion: Based on the formulated sequence of steps, it is safe to conclude that the actions of data management professionals can be used to create a practical guideline to enforce the POPI Act. However, to standardise these guidelines across the data management function, there is a need to perform testing with a wider spectrum of data management professionals.
Abstract: Role-based access control associates roles with privileges and users with roles. Changes to these associations are infrequent and explicit. This may not reflect business requirements. Access to an object should not only be based on the identity of the object and the user, but also on the actual task that must be performed, i.e. the context of the work to be done. Context-sensitive access control considers the actual task when deciding whether an access should be granted or not. Workflow technology provides an appropriate environment for establishing the context of work. This paper discusses the implementation of a context-sensitive access control mechanism within a workflow environment. Although the prototype represents scaled-down workflow functionality, it illustrates the concept of context-sensitive access control.