Workflow management employing role-based access control
First Claim
1. A method for employment of role-based access control (RBAC) techniques for controlling the ability of individuals to carry out operations within a workflow process, comprising the steps of:
- (1) decomposing the workflow process into sequential and parallel segments, each comprising one or more activities, wherein access to at least one specific instance of a resource is required for performance of each activity, said segments being ordered for performance in a defined sequence;
(2) creating roles corresponding to each segment in a role-based access control (RBAC) system, wherein a role is the means by which access to a specific instance of a resource is determined, whereby each of the activities comprised by each of the segments is assigned to one or more of the roles corresponding to each segment;
(3) assigning one or more individuals to each role;
(4) activating each role when all activities of all preceding segments have been successfully performed, by granting individual(s) assigned to an activated role permission to perform each activity within the corresponding successive segment;
(5) withdrawing each permission as the corresponding activity is completed; and
(6) deactivating each role as the corresponding segment is completed.
1 Assignment
0 Petitions
Accused Products
Abstract
A workflow sequence specified by a process definition is managed by a workflow management system which enacts each segment in the order specified by that process definition. Role-based access control (RBAC) is used to define membership of individuals in groups, i.e., to assign individuals to roles, and to then activate the roles with respect to the process at appropriate points in the sequence. Any individual belonging to the active role can perform the next step in the business process. Changes in the duties and responsibilities of individuals as they change job assignments are greatly simplified, as their role memberships are simply reassigned; the workflow process is unaffected.
510 Citations
4 Claims
-
1. A method for employment of role-based access control (RBAC) techniques for controlling the ability of individuals to carry out operations within a workflow process, comprising the steps of:
-
(1) decomposing the workflow process into sequential and parallel segments, each comprising one or more activities, wherein access to at least one specific instance of a resource is required for performance of each activity, said segments being ordered for performance in a defined sequence; (2) creating roles corresponding to each segment in a role-based access control (RBAC) system, wherein a role is the means by which access to a specific instance of a resource is determined, whereby each of the activities comprised by each of the segments is assigned to one or more of the roles corresponding to each segment; (3) assigning one or more individuals to each role; (4) activating each role when all activities of all preceding segments have been successfully performed, by granting individual(s) assigned to an activated role permission to perform each activity within the corresponding successive segment; (5) withdrawing each permission as the corresponding activity is completed; and (6) deactivating each role as the corresponding segment is completed. - View Dependent Claims (2, 3, 4)
-
Specification
-
- Resources
-
Current AssigneeThe United States of America As Represented By The Secretary of Commerce
-
Original AssigneeTHE GOVERNMENT OF THE UNITED STATES OF AMERICA, AS REPRESENTED BY THE SECRETARY OF COMMERCE
-
InventorsBarkley, John
-
Primary Examiner(s)MacDonald, Allen R.
-
Assistant Examiner(s)MEINECKE DIAZ, SUSANNA M
-
Application NumberUS08/980,908Time in Patent Office953 DaysField of Search705/6, 705/7, 705/8, 705/9US Class Current705/7.26CPC Class CodesG06Q 10/06311 Scheduling, planning or tas...G06Q 10/06316 Sequencing of tasks or workG06Q 10/0633 Workflow analysisG06Q 10/10 Office automation; Time man...
