Article Preview
TopIntroduction And Background
Commonly, role management refers to an organization's capability to manage in the roles each employee performs as part of his or her job functions. In technological terms, role management relates to managing access control/authorization and specifying the resources the users are allowed to access in an application or computer system (Aedo, Diaz, & Sanz, 2006; Al-Kahtani & Sandhu, 2002; Ferraiolo, Kuhn, & Chandramouli, 2007). RBAC (Role-Based Access Control) regulates the access to resources and computer system objects based on the roles defined in an organization (Sanz, Aedo, Diaz, & de Castro, 2006; Ferraiolo, Kuhn, & Chandramouli, 2007). The key RBAC hypothesis is that roles and related responsibilities are much more persistent than users (Sanz et al., 2006; Aedo et al., 2006). After the responsibilities of an organization are defined, they rarely change. Usually, what changes is the user or users that work with a specific responsibility in a specific situation. Much of the research is based on RBAC, its mechanisms and extensions (Sanz, Gómez Bello, Díaz, Sainz, & Aedo, 2007; Haibin & MengChu, 2006; Aedo et al., 2006; Tahir, 2007), such as context-aware dynamic access control (Kim et al., 2005; Zhang & Parashar, 2004) or attribute-based user-role assignment (Al-Kahtani & Sandhu, 2002).
In multi-authority emergency situations where collaboration between authorities emerges, it is often necessary to share information within or between organizations. The organizations have implemented various information and communication systems to support the activities in the command and control rooms as well as in-the-field actions (Mehrotra, Butss, Klashnikov, & Venkatasubramanian, 2004; Sanz et al., 2007; Smirnov, Pashkin, Levashova, Shilov, & Kashevnik, 2007). The information technology challenges focus on the systems and procedures to get the right information to the right person at the right time (Sanz et al., 2007; Ianella & Henricksen, 2007). RBAC can be used to control information sharing in the systems and solve some of the information sharing obstacles. However, RBAC still requires improvements to function in a dynamic environment. Moreover, challenges are caused by relatively low integration of information and communication technologies in the emergency management field (Wybo & Lonka, 2002).