Context-sensitive Constraints for Access Control of Business Processes

Gordana Milosavljević1, Goran Sladić1, Branko Milosavljević1, Miroslav Zarić1, Stevan Gostojić1 and Jelena Slivka1

  1. Faculty of Technical Sciences, University of Novi Sad
    Trg D. Obradovića 6, 21000 Novi Sad, Serbia
    {grist, sladicg, mbranko, miroslavzaric, gostojic, slivkaje}


Workflow management systems (WfMS) are used to automate and facilitate business processes of an enterprise. To simplify the administration, it is a common practice in many WfMS solutions to allocate a role to perform each activity of the process and then assign one or more users to each role. Typically, access control for WfMS is role-based with a support of constraints on users and roles. However, merely using role and constraints concepts can hardly satisfy modern access control requirements of a contemporary enterprise. Permissions should not solely depend on common static and dynamic principles, but they must be influenced by the context in which the access is requested. In this paper, we focus on the definition and enforcement of the context-sensitive constraints for workflow systems. We extended the common role-based constraints listed in literature with context-sensitive information and workflow specific components. Also, we propose a mechanism for enforcing such constraints within WfMS.

Key words

constraints, separation of duty, access control, context-sensetive, business process

Digital Object Identifier (DOI)

Publication information

Volume 15, Issue 1 (January 2018)
Year of Publication: 2018
ISSN: 1820-0214 (Print) 2406-1018 (Online)
Publisher: ComSIS Consortium

Full text

DownloadAvailable in PDF
Portable Document Format

How to cite

Milosavljević, G., Sladić, G., Milosavljević, B., Zarić, M., Gostojić, S., Slivka, J.: Context-sensitive Constraints for Access Control of Business Processes. Computer Science and Information Systems, Vol. 15, No. 1, 1–30. (2018),