The modelling of business processes is widely used in enterprises. Though this is very common,
requirements for identity management and access control are often collected separately in
documents or requirement tools. Due to the business-driven background of access control, this kind
of requirement should be collected at the business site's business process model. This work
introduces a meta-model for modelling access control requirements at the business process level. It
combines the model and its requirements, reducing the risk of inconsistencies caused by process
changes. A model-driven development process utilises the enriched models for generating policies
for different identity management products.