Professional Access Control

Professional Access Control (PAC) is a self-administrating access control model for professional users which employs a peer review process and oversight by system administrators. It is characterised by the existence of ethical controls on the relationships between the users (those accessing data or granting access privileges to others) and data owners. Investigations revealed that the issue of availability was crucial to users in the hospital domain studied, and that to minimise the administrative burden on system administrators, the users needed to take some of the load. These factors led to the development of the new Trusted Access Control (TAC) model which gives users control. TAC is a fundamental access control model, complementary to the well-known Mandatory Access Control (MAC) and Discretionary Access Control (DAC) models. PAC uses TAC at its core and also incorporates Role Based Access Control (RBAC) and Provision Based Access Control (PBAC). This gives it the flexibility and user-friendliness necessary in the hospital environment, while still providing a high degree of data confidentiality and integrity protection. The required PAC functionality has been built into an Oracle package which can be used by new and existing applications, making it a viable access control solution for complex environments such as hospitals. When enabled workflow applications use the Oracle package, access control is automatically effected behind-the-scene, providing both usability benefits and reduced administrative burden.