Operative role management relates to the commanding officers' work of managing their resources dealing with emergency situations. It concerns assigning and delegating the right roles to the right resources at a specific moment. Role management is commonly understood as system role management, relating to access control and administrative role management. Operative role management is in turn the practical daily work of emergency organizations' personnel and relates to overall resource management. In-depth ethnographic research has been carried out, and the difference between operative and system role management has been distinguished in this chapter. The research concentrates both on the practical work processes of the emergency management staff and on the information systems and their functionalities. Through this two-folded approach, role management approach has been divided into three domains: administrative management domain, operative domain, and their common domain. The chapter focuses on describing the interdependencies between the role management approaches with examples from field studies and findings from literature.
TopIntroduction And Background
Commonly, role management refers to an organization’s capability to manage the roles in which each employee performs as part of his or her job functions. In technological terms, role management relates to managing access control/authorization and specifying the resources the users are allowed to access in an application or computer system (Aedo, Diaz & Sanz, 2006; Al-Kahtani & Sandhu, 2002; Ferraiolo, Kuhn & Chandramouli, 2007). RBAC (Role-Based Access Control) regulates the access to resources and computer system objects based on the roles defined in an organization (Sanz, Aedo, Diaz & de Castro, 2006; Ferraiolo, Kuhn & Chandramouli, 2007). The key RBAC hypothesis is that roles and related responsibilities are much more persistent than users (Sanz et al., 2006; Aedo et al., 2006). After the responsibilities of an organization are defined, they rarely change. Usually, what changes is the user or users that work with a specific responsibility in a specific situation. Much of the previous research in this field is based on RBAC, its mechanisms and extensions (Sanz, Gómez Bello, Díaz, Sainz & Aedo, 2007; Haibin & MengChu, 2006; Aedo & al., 2006; Tahir, 2007), such as context-aware dynamic access control (Kim et al., 2005; Zhang & Parashar, 2004) or attribute-based user-role assignment (Al-Kahtani & Sandhu, 2002).
In multi-authority emergency situations where collaboration between authorities emerges, it is often necessary to share information within or between organizations. The organizations have implemented various information and communication systems to support the activities in the command and control rooms as well as in-the-field actions (Mehrotra, Butss, Klashnikov & Venkatasubramanian, 2004; Sanz & al., 2007; Smirnov, Pashkin, Levashova, Shilov & Kashevnik, 2007). The information technology challenges focus on the systems and procedures to get the right information to the right person at the right time (Sanz & al., 2007; Ianella & Henricksen, 2007). RBAC can be used to control information sharing in the systems and to solve some of the information sharing obstacles. However, RBAC still requires improvements to function in a dynamic environment. Moreover, challenges are caused by relatively low integration of information and communication technologies in the emergency management field (Wybo & Lonka, 2002).