Workflow Management Employing Role-based Access Control

Workflow Management Employing Role-based Access Control

Role-based access control (RBAC) is a widely used access control model. A primary reason for this is its ease of administration compared to other access control mechanisms. Administrators naturally think about a user’s relationship to the organization in terms of the user’s job responsibilities. These responsibilities constitute the user’s roles within the organization. With RBAC, access is based on these roles. An administrator’s organizational view is the access control mechanism.

Workflow is the partial or complete automation of a business process. Workflows consist of a set of activities carried out in a predefined order. Each activity requires privileged operations. Access to an activity is restricted to users authorized to carry out that activity. Privileged operations permitted to users can continually change during the execution of a workflow. Such requirements for administering access to activities as the workflow progresses suggest the use of RBAC as the access control mechanism based on its ease of administration. In addition, RBAC can also be used as a means of ensuring that the activities that make up a workflow are carried out in the correct sequence.

NIST has developed a process whereby a workflow management system can be created that uses an existing trusted RBAC implementation as the means to manage the execution of workflows. This process provides not only access control for each activity in a workflow, but also the proper sequencing of activities as specified in the workflow definition. As a result, this process can lower the cost of developing a workflow management system and improve the system’s security by increasing the assurance that privileged operations to perform an activity within a workflow are assigned correctly.

For more information: Cathy Cohn, 301-975-6691, or

Member Labs