Workflow management employing role-based access control
First Claim
1. A method for employment of role-based access control (RBAC) techniques for controlling the ability of individuals to carry out operations within a workflow process, comprising the steps of:
(1) decomposing the workflow process into sequential and parallel segments, each comprising one or more activities, wherein access to at least one specific instance of a resource is required for performance of each activity, said segments being ordered for performance in a defined sequence;
(2) creating roles corresponding to each segment in a role-based access control (RBAC) system, wherein a role is the means by which access to a specific instance of a resource is determined, whereby each of the activities comprised by each of the segments is assigned to one or more of the roles corresponding to each segment;
(3) assigning one or more individuals to each role;
(4) activating each role when all activities of all preceding segments have been successfully performed, by granting individual(s) assigned to an activated role permission to perform each activity within the corresponding successive segment;
(5) withdrawing each permission as the corresponding activity is completed; and
(6) deactivating each role as the corresponding segment is completed.
Abstract
A workflow sequence specified by a process definition is managed by a workflow management system which enacts each segment in the order specified by that process definition. Role-based access control (RBAC) is used to define membership of individuals in groups, i.e., to assign individuals to roles, and to then activate the roles with respect to the process at appropriate points in the sequence. Any individual belonging to the active role can perform the next step in the business process. Changes in the duties and responsibilities of individuals as they change job assignments are greatly simplified, as their role memberships are simply reassigned; the workflow process is unaffected.
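The six claimed steps can be traced in code. The following is an added example, not code from the patent; the class and function names, the one-role-per-segment simplification, and the purchase-order workflow with its user names are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Segment:
    role: str                      # assumption: exactly one role per segment
    activities: frozenset          # activities that make up the segment
    after: frozenset = field(default_factory=frozenset)  # preceding segments

class WorkflowRBAC:
    def __init__(self, segments, members):
        self.segments = segments   # steps 1-2: segment name -> Segment
        self.members = members     # step 3: role -> set of users
        self.done, self.active, self.perms = set(), set(), {}
        self._activate_ready()

    def _activate_ready(self):
        # Step 4: activate a role once all preceding segments are complete,
        # granting its members permission for each activity in the segment.
        for name, seg in self.segments.items():
            if (name not in self.done and seg.role not in self.active
                    and seg.after <= self.done):
                self.active.add(seg.role)
                self.perms[seg.role] = set(seg.activities)

    def can(self, user, activity):
        return any(user in self.members.get(r, ()) and activity in self.perms[r]
                   for r in self.active)

    def perform(self, user, activity):
        for name, seg in self.segments.items():
            r = seg.role
            if (r in self.active and user in self.members.get(r, ())
                    and activity in self.perms[r]):
                self.perms[r].discard(activity)   # step 5: withdraw permission
                if not self.perms[r]:             # step 6: segment complete
                    self.active.discard(r)
                    del self.perms[r]
                    self.done.add(name)
                    self._activate_ready()
                return True
        return False                              # role inactive or not a member

def build_purchase_workflow():
    # Constructed sample: two parallel reviews between request and approval.
    S, f = Segment, frozenset
    segments = {
        "request": S("requester", f({"submit_po"})),
        "budget_review": S("budget_officer", f({"check_budget"}), f({"request"})),
        "legal_review": S("counsel", f({"check_contract"}), f({"request"})),
        "approve": S("approver", f({"sign_po"}), f({"budget_review", "legal_review"})),
    }
    members = {"requester": {"alice"}, "budget_officer": {"bob"},
               "counsel": {"carol"}, "approver": {"dana"}}
    return WorkflowRBAC(segments, members)
```

Reassigning `members["approver"]` to a different user changes who may sign without touching the segment definitions, which is the separation the abstract describes.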
4 Claims
Specification