Fine-Granularity Access Control in 3-tier
Laboratory Information Systems
Xueli Li, Nomair A. Naeem, Bettina Kemme
Laboratory information systems (LIMS) are used in life science research
to manage complex experiments. Since LIMS systems are often shared by
different research groups, powerful access control is needed to allow
different access rights to different records of the same table.
Traditional access control models that define a permission as the right
of a user/role to perform a specific operation on a specific object
cannot handle the enormous number of objects and users/roles. In this
paper we propose an enhancement to role-based access control by
introducing conditions that can be added to the traditional concept of
permissions in order to keep the number of permissions small.
Furthermore, we present an implementation of our access control model
at the application programming level. Although access control is
performed for every single database access, our solution completely
separates access control from the application logic by using
aspect-oriented programming. With this, access control can be
integrated into a legacy 3-tier information system without changing the
Conf. Montreal, Canada, July 2005
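
An added illustration of the model the abstract describes, not code from the paper: each permission carries a condition evaluated against the user and the record, so two permissions cover every group and row, and a decorator stands in for the aspect that intercepts data access. The policy, field names, sample rows and function names are all assumptions made for this sketch.

```python
from dataclasses import dataclass
from functools import wraps
from typing import Callable

@dataclass(frozen=True)
class Permission:
    role: str
    operation: str
    table: str
    condition: Callable[[dict, dict], bool]  # (user, record) -> allowed?

# Constructed policy: conditions replace one permission per (user, record) pair.
POLICY = [
    Permission("researcher", "read", "experiment",
               lambda u, r: r["group"] == u["group"] or r["public"]),
    Permission("researcher", "update", "experiment",
               lambda u, r: r["owner"] == u["name"]),
]

class AccessDenied(Exception):
    pass

def is_permitted(user, operation, table, record):
    # Deny by default: access needs a matching permission whose condition holds.
    return any(p.role in user["roles"] and p.operation == operation
               and p.table == table and p.condition(user, record)
               for p in POLICY)

def access_controlled(operation, table):
    # Stand-in for an aspect: the check wraps the call, not the function body.
    def decorator(fn):
        @wraps(fn)
        def wrapper(user, record, *args, **kwargs):
            if not is_permitted(user, operation, table, record):
                raise AccessDenied(f"{user['name']}: {operation} on {table}")
            return fn(user, record, *args, **kwargs)
        return wrapper
    return decorator

@access_controlled("update", "experiment")
def update_notes(user, record, notes):  # application logic, no checks inside
    record["notes"] = notes
    return record

def visible_ids(user, rows):
    # Record-level filtering of one table for one user.
    return [r["id"] for r in rows if is_permitted(user, "read", "experiment", r)]

# Constructed sample data.
ALICE = {"name": "alice", "group": "genomics", "roles": {"researcher"}}
ROWS = [{"id": 1, "group": "genomics", "owner": "alice", "public": False},
        {"id": 2, "group": "proteomics", "owner": "bob", "public": False},
        {"id": 3, "group": "proteomics", "owner": "bob", "public": True}]
```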