Skip to Main Content
Business applications have to deal with two types of access control models: the role-based and the discretionary access control model. The main contribution of this paper is that both data models are unified in a single description language. Starting from a meta model of an object oriented data model, this paper shows how to describe and integrate access control needs in common business applications using an authorization model based on path expressions. These path expressions can be used to construct set-oriented queries for access control decisions derived from the data model of the application.