Authorization management in ERP systems

Commonly, authorization management in ERP systems is done with a concept called role based access control. This concept has proven effective in practice but is considered as rather inflexible and high maintenance. The purpose of this master thesis was to investigate the applicability of attribute based access control for ERP systems that is implemented with semantic network technologies. Attribute based access control is a promising concept that pledges to be more flexible and less maintenance intensive, by having access policies governing access requests which evaluate attributes that are assigned to the users and the objects to be protected. Semantic web technologies offer the required modeling and querying capabilities for an implementation of such a system and were therefore regarded as a prospective technology to be used in conjunction with attribute based access control.A design science research cycle was used to create a prototype as an artefact of such an authorization system. The prototype was created using mainly the Resource Description Framework (RDF), Resource Description Framework Schema (RDFS) and the SPARQL Protocol And RDF Query Language (SPARQL) for querying purposes. Data collection was done by means of a literature analysis and tests that were executed on the prototype. The evaluation was finally done on the results of these tests.