Using Event Logs to Derive Role Engineering Artifacts
Process-aware information systems are used to execute business processes to reach the operational goals of an organization. In this context, access control policies are defined to govern the choice in behavior of such systems. In a role engineering process these access control policies can be defined and customized. This paper introduces a new automated approach to derive access control policies from event logs. For this purpose, the two standard formats for event logs called MXML and XES are used. The event logs can be extracted from process-aware information systems and serve as basis for the derivation of role-based access control artifacts.