On Optimal Employee Assignment in Constrained Role-Based Access Control Systems

摘要

Since any organizational environment is typically resource constrained, especially in terms of human capital, organization managers would like to maximize the utilization of available human resources. However, tasks cannot simply be assigned to arbitrary employees since the employee needs to have the necessary capabilities for executing a task. Furthermore, security policies constrain the assignment of tasks to employees, especially given the other tasks assigned to the same employee. Since role-based access control (RBAC) is the most commonly used access control model for commercial information systems, we limit our attention to consider constraints in RBAC. In this article, we define the Employee Assignment Problem (EAP), which aims to identify an employee to role assignment such that it permits the maximal flexibility in assigning tasks to employees while ensuring that the required security constraints are met. We prove that finding an optimal solution is NP-complete and therefore provide a greedy solution. Experimental evaluation of the proposed approach shows that it is both efficient and effective.