Role-based access control (RBAC) is used for managing
authorisation in IT systems, by utilising the concept of
roles. Existing approaches do not clearly define the term
role in its different contexts as well as not considering
the relation between roles and business process modelling.
Therefore this work introduces business and system rolebased
access control (B&S-RBAC). Established role-based
access control models are extended with a business perspective
and the term role is defined from a business and
from an IT perspective, resulting in business and system
roles. The relation between them is shown in a meta-model
and the usage of business roles for secure business process
modelling is explained.