TY - JOUR
AB - Based on organizational task decomposition, an extensive role‐based access control (ERBAC) model is proposed in this paper. In ERBAC, the abstract concept of “permission” in RBAC96 is substituted by a set of “tasks”, mutual exclusion of basic business actions and mutual exclusion of roles are presented, and separation of duty (SoD) policy is defined formally. Furthermore, a method of identifying mutual exclusion of roles is described, and static SoD and dynamic SoD algorithms are discussed. This paper is significant for modeling and implementing business‐oriented SoD policy for information systems.
VL - 12
IS - 5
SN - 0968-5227
DO - 10.1108/09685220410563351
UR - https://doi.org/10.1108/09685220410563351
AU - Xing‐fen Wang
AU - Yi‐jun Li
PY - 2004
Y1 - 2004/01/01
TI - Formal definition and implementation of business‐oriented SoD access control policy
T2 - Information Management & Computer Security
PB - Emerald Group Publishing Limited
SP - 379
EP - 388
Y2 - 2024/04/23
ER -