Management of access control in information system based on role concept

Development of technology, progress and increase of information flow have the impact also on the development of enterprises and require rapid changes in their information systems. The growth and complexity of functionality that they currently should face cause that their design and realization become the difficult tasks and strategic for the enterprises at the same time. The informations systems store huge amount of data and allow to realize thousands of operations and business transactions on these data each day. In this case, it seems necessary to have the methods, techniques and tools that can make possibly the development of information system on level reflecting currently requirements. The paper describes the aspects of access control management in information systems based on the concepts of roles. This concepts can be presented by the role-based access control model and its extensions defined during last years. The practical implementation of presented concepts was given in the form of platform for access control management that can be used by system developers and security administrators to support their job in assuring the security of data stored and processed in an information system and assuring the global coherence of access control rules in the whole system. The proposed platform was based mainly on the approach connected with the access control model based on the role concept that reflects in the better way the company’s organization on the access control level. The platform can be enrich with additional tool for access control administration with the use of other access control models.