Towards a Comprehensive Complexity Assessment of RBAC Models

Johannes Prescher, Sigrid Schefer-Wenzl, Anne Baumgraß, Mark Strembeck, Jan Mendling

Publication: Scientific journalJournal article


In the context of process-aware information systems, process-related RBAC models define which tasks of a business process can be performed by which subjects. Entailment constraints on tasks, such as mutual exclusion or binding constraints, are defined in such models to enforce or restrict subjects and roles to execute a particular combination of tasks. Although these constraints are an important means to assist the specification of business processes and to control the execution of workflows, they require additional checks and can make an RBAC model more difficult to understand. This paper investigates the factors that contribute to the reasoning effort required to understand a process-related RBAC model. We present a set of measures for such RBAC models. Moreover, these measures are applied to a set of different RBAC models to indicate the measures' suitability for assessing the complexity of RBAC models.
Original languageEnglish
Pages (from-to)12 - 23
Issue number2
Publication statusPublished - 2014

Austrian Classification of Fields of Science and Technology (ÖFOS)

  • 502
  • 102
  • 502050 Business informatics
  • 202031 Network engineering

Cite this