The presentation will be done in German.
Benutzerautorisierung in Informationssystemen mit parametrisierten Rollen (Bachelor's thesis)
Modern information systems manage confidential data which must not fall into the wrong hands. User authorization is the process of checking whether a user has been granted specific permissions. A role based approach simplifies access control at the cost of flexibility.
We are introducing a method to define roles with parameters. This way, a finite description at design time can define an arbitrary number of roles at runtime. For example, a single description of the role project manager for project X suffices to define the role of project manager in every project managed by the system. It is also possible to structure roles in a hierarchical way and to inherit permissions from other roles.
An exemplary implementation of a security layer undertakes the task of checking permissions. It may be placed between the GUI and the access layer. Checking permissions in a dedicated deeper layer enables robust access control.