Permission Analysis for Object-Centric Processes

Ulm University

Forum Poster at CAiSE 24, Marius Breitmayer, Limassol, Cyprus, 6 June 2024, 14:00

The data-driven execution of object-centric processes in information systems requires powerful access control concepts that allow controlling, for example, which attributes of a business object a particular user (role) may read or write at a given point in time during process execution. In practice, it is crucial to be able to check whether the implementation of fine-grained access control in an information system (i.e., the actual permissions) conforms with corporate requirements (e.g., compliance and security rules). If the execution of business processes is recorded in an event log, the actual access data can be compared with the specified permissions. Such a permission analysis includes the identification of both similarities and discrepancies between corporate requirements and actual implementation. This paper presents an approach for identifying, comparing, analyzing, evaluating, and classifying permissions in object-centric processes based on event logs.
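
The comparison of specified permissions with actual access data from an event log can be sketched as follows. This is an added example, not code from the poster or the paper; the permission tuple shape, the three class names (`conforming`, `unspecified`, `unused`), and all sample data are assumptions constructed for illustration.

```python
from collections import namedtuple

# Assumed permission shape: a role may read/write one attribute of an
# object type while the object is in a given process state.
Perm = namedtuple("Perm", "role obj_type state attribute op")

# Constructed specification standing in for the corporate requirements.
SPECIFIED = {
    Perm("Applicant", "Application", "Draft", "cv", "read"),
    Perm("Applicant", "Application", "Draft", "cv", "write"),
    Perm("Reviewer", "Application", "Submitted", "cv", "read"),
    Perm("Reviewer", "Application", "Submitted", "rating", "write"),
}

# Constructed event log: (user, role, obj_type, obj_id, state, attribute, op).
EVENT_LOG = [
    ("alice", "Applicant", "Application", "A1", "Draft", "cv", "write"),
    ("bob", "Reviewer", "Application", "A1", "Submitted", "cv", "read"),
    ("bob", "Reviewer", "Application", "A1", "Submitted", "rating", "write"),
    ("alice", "Applicant", "Application", "A1", "Submitted", "cv", "write"),
    ("bob", "Reviewer", "Application", "A2", "Submitted", "rating", "write"),
]

def actual_permissions(log):
    """Map each permission exercised in the log to its supporting events."""
    actual = {}
    for user, role, obj_type, obj_id, state, attribute, op in log:
        perm = Perm(role, obj_type, state, attribute, op)
        actual.setdefault(perm, []).append((user, obj_id))
    return actual

def analyze(specified, log):
    """Classify permissions by comparing the specification with the log."""
    actual = actual_permissions(log)
    return {
        # specified and observed in the log
        "conforming": sorted(p for p in actual if p in specified),
        # observed but never specified: candidate violations, with evidence
        "unspecified": {p: ev for p, ev in actual.items() if p not in specified},
        # specified but never exercised: candidates for least-privilege review
        "unused": sorted(specified - set(actual)),
    }

if __name__ == "__main__":
    for label, perms in analyze(SPECIFIED, EVENT_LOG).items():
        print(label, perms)
```

In this constructed log, the applicant's write to `cv` after submission is the only discrepancy, and the applicant's read permission on the draft is specified but never used.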