Francis M. Kugblenu; Memon Asim MCS-2006-16, pp. 46. TEK/avd. för interaktion och systemdesign, 2007.
In today’s business world, many organizations use Information Systems to manage their
sensitive and business-critical information. The need to protect such a key component of the
organization cannot be overemphasized. Access control has been found to be one of the
effective ways of ensuring that only authorized users have access to the information resources
they need to perform their job functions. Role Based Access Control has been found to be the access
control mechanism that fits naturally with the organizational structure of businesses.
Separation of duties is a security principle that has been used extensively to prevent conflicts of
interest and fraud, and for error control, in organizations. In this thesis, we identify the various forms
of separation of duties in role based access control systems. We also do a case study of the
role based access control system in the banking application of a financial institution.