{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,1,5]],"date-time":"2026-01-05T15:05:40Z","timestamp":1767625540577,"version":"3.41.0"},"reference-count":32,"publisher":"Association for Computing Machinery (ACM)","issue":"4","license":[{"start":{"date-parts":[[2016,12,15]],"date-time":"2016-12-15T00:00:00Z","timestamp":1481760000000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":["ACM Trans. Manage. Inf. Syst."],"published-print":{"date-parts":[[2017,1,20]]},"abstract":"<jats:p>Since any organizational environment is typically resource constrained, especially in terms of human capital, organization managers would like to maximize the utilization of available human resources. However, tasks cannot simply be assigned to arbitrary employees since the employee needs to have the necessary capabilities for executing a task. Furthermore, security policies constrain the assignment of tasks to employees, especially given the other tasks assigned to the same employee. Since role-based access control (RBAC) is the most commonly used access control model for commercial information systems, we limit our attention to consider constraints in RBAC. In this article, we define the Employee Assignment Problem (EAP), which aims to identify an employee to role assignment such that it permits the maximal flexibility in assigning tasks to employees while ensuring that the required security constraints are met. We prove that finding an optimal solution is NP-complete and therefore provide a greedy solution. Experimental evaluation of the proposed approach shows that it is both efficient and effective.<\/jats:p>","DOI":"10.1145\/2996470","type":"journal-article","created":{"date-parts":[[2016,12,15]],"date-time":"2016-12-15T17:50:23Z","timestamp":1481824223000},"page":"1-24","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":7,"title":["On Optimal Employee Assignment in Constrained Role-Based Access Control Systems"],"prefix":"10.1145","volume":"7","author":[{"given":"Arindam","family":"Roy","sequence":"first","affiliation":[{"name":"Indian Institute of Technology, Kharagpur, West Bengal, India"}]},{"given":"Shamik","family":"Sural","sequence":"additional","affiliation":[{"name":"Indian Institute of Technology, Kharagpur, West Bengal, India"}]},{"given":"Arun Kumar","family":"Majumdar","sequence":"additional","affiliation":[{"name":"Indian Institute of Technology, Kharagpur, West Bengal, India"}]},{"given":"Jaideep","family":"Vaidya","sequence":"additional","affiliation":[{"name":"Rutgers University, Newark, NJ, USA"}]},{"given":"Vijayalakshmi","family":"Atluri","sequence":"additional","affiliation":[{"name":"Rutgers University, Newark, NJ, USA"}]}],"member":"320","published-online":{"date-parts":[[2016,12,15]]},"reference":[{"key":"e_1_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.4236\/iim.2015.71004"},{"key":"e_1_2_1_2_1","doi-asserted-by":"publisher","DOI":"10.1145\/2295136.2295154"},{"key":"e_1_2_1_3_1","doi-asserted-by":"crossref","unstructured":"D. E. Bell and L. J. Lapadula. 1976. Secure computer system: Unified exposition and multics interpretation. Electronic Systems Division Air Force Systems Command Hanscom Field.  D. E. Bell and L. J. Lapadula. 1976. Secure computer system: Unified exposition and multics interpretation. Electronic Systems Division Air Force Systems Command Hanscom Field.","DOI":"10.21236\/ADA023588"},{"key":"e_1_2_1_4_1","doi-asserted-by":"publisher","DOI":"10.1145\/300830.300837"},{"key":"e_1_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1109\/SECPRI.1989.36295"},{"volume-title":"Proceedings of the 1987 IEEE Symposium on Security and Privacy. 184--194","author":"Clark D. D.","key":"e_1_2_1_6_1","unstructured":"D. D. Clark and D. R. Wilson . 1987. A comparison of commercial and military computer security policies . Proceedings of the 1987 IEEE Symposium on Security and Privacy. 184--194 . D. D. Clark and D. R. Wilson. 1987. A comparison of commercial and military computer security policies. Proceedings of the 1987 IEEE Symposium on Security and Privacy. 184--194."},{"key":"e_1_2_1_7_1","doi-asserted-by":"publisher","DOI":"10.1145\/1063979.1063986"},{"key":"e_1_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1145\/2487222.2487226"},{"key":"e_1_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.1016\/S0012-365X(00)00006-6"},{"key":"e_1_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1145\/1377836.1377838"},{"key":"e_1_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2445566.2445567"},{"key":"e_1_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1016\/j.cose.2011.08.002"},{"key":"e_1_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2014.2309117"},{"key":"e_1_2_1_14_1","doi-asserted-by":"publisher","DOI":"10.1145\/360303.360333"},{"volume-title":"Proceedings of the 27th IFIP International Information Security and Privacy Conference (SEC\u201912)","author":"John J. C.","key":"e_1_2_1_15_1","unstructured":"J. C. John , S. Sural , V. Atluri , and J. Vaidya . 2012. Role mining under role-usage cardinality constraint . In Proceedings of the 27th IFIP International Information Security and Privacy Conference (SEC\u201912) . 150--161. J. C. John, S. Sural, V. Atluri, and J. Vaidya. 2012. Role mining under role-usage cardinality constraint. In Proceedings of the 27th IFIP International Information Security and Privacy Conference (SEC\u201912). 150--161."},{"key":"e_1_2_1_16_1","doi-asserted-by":"crossref","unstructured":"M. J\u00fcnger Th. M. Liebling D. Naddef G. L. Nemhauser W. R. Pulleyblank G. Reinelt G. Rinaldi and L. A. Wolsey. 2009. 50 Years of Integer Programming 1958-2008. Springer.  M. J\u00fcnger Th. M. Liebling D. Naddef G. L. Nemhauser W. R. Pulleyblank G. Reinelt G. Rinaldi and L. A. Wolsey. 2009. 50 Years of Integer Programming 1958-2008. Springer.","DOI":"10.1007\/978-3-540-68279-0"},{"key":"e_1_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/266741.266749"},{"volume-title":"Handbook of Scheduling: Algorithms, Models, and Performance Analysis","author":"Leung J. Y. T.","key":"e_1_2_1_18_1","unstructured":"J. Y. T. Leung . 2004. Handbook of Scheduling: Algorithms, Models, and Performance Analysis . CRC Press . J. Y. T. Leung. 2004. Handbook of Scheduling: Algorithms, Models, and Performance Analysis. CRC Press."},{"key":"e_1_2_1_19_1","doi-asserted-by":"publisher","DOI":"10.1145\/1237500.1237501"},{"key":"e_1_2_1_20_1","doi-asserted-by":"publisher","DOI":"10.1109\/TDSC.2012.21"},{"volume-title":"Proceedings of the 5th Annual Computer Security Applications Conference. 131--139","author":"Miller D. V.","key":"e_1_2_1_21_1","unstructured":"D. V. Miller and R. W. Baldwin . 1990. Access control by boolean expression evaluation . Proceedings of the 5th Annual Computer Security Applications Conference. 131--139 . D. V. Miller and R. W. Baldwin. 1990. Access control by boolean expression evaluation. Proceedings of the 5th Annual Computer Security Applications Conference. 131--139."},{"volume-title":"Proceedings of the 12th International Conference on Intelligent Systems Design and Applications. 386--391","author":"Roy A.","key":"e_1_2_1_22_1","unstructured":"A. Roy , S. Sural , and A. K. Majumdar . 2012. Minimum user requirement in role based access control with separation of duty constraints . In Proceedings of the 12th International Conference on Intelligent Systems Design and Applications. 386--391 . A. Roy, S. Sural, and A. K. Majumdar. 2012. Minimum user requirement in role based access control with separation of duty constraints. In Proceedings of the 12th International Conference on Intelligent Systems Design and Applications. 386--391."},{"volume-title":"Proceedings of the 10th International Conference on Information Systems Security. 109--128","author":"Roy A.","key":"e_1_2_1_23_1","unstructured":"A. Roy , S. Sural , and A. K. Majumdar . 2014. Impact of multiple t-t SMER constraints on minimum user requirement in RBAC . Proceedings of the 10th International Conference on Information Systems Security. 109--128 . A. Roy, S. Sural, and A. K. Majumdar. 2014. Impact of multiple t-t SMER constraints on minimum user requirement in RBAC. Proceedings of the 10th International Conference on Information Systems Security. 109--128."},{"key":"e_1_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.1145\/2811269"},{"volume-title":"Proceedings of the IEEE. 1278--1308","author":"Saltzer J. H.","key":"e_1_2_1_25_1","unstructured":"J. H. Saltzer and M. D. Schroeder . 1975. The protection of information in computer systems . Proceedings of the IEEE. 1278--1308 . J. H. Saltzer and M. D. Schroeder. 1975. The protection of information in computer systems. Proceedings of the IEEE. 1278--1308."},{"key":"e_1_2_1_26_1","doi-asserted-by":"publisher","DOI":"10.1109\/2.485845"},{"key":"e_1_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/800214.806557"},{"key":"e_1_2_1_28_1","doi-asserted-by":"publisher","DOI":"10.1145\/1266840.1266870"},{"volume-title":"Proceedings of the 12th European Symposium on Research in Computer Security. 90--105","author":"Wang Q.","key":"e_1_2_1_29_1","unstructured":"Q. Wang and N. Li . 2007. Satisfiability and resiliency in workflow systems . In Proceedings of the 12th European Symposium on Research in Computer Security. 90--105 . Q. Wang and N. Li. 2007. Satisfiability and resiliency in workflow systems. In Proceedings of the 12th European Symposium on Research in Computer Security. 90--105."},{"key":"e_1_2_1_30_1","doi-asserted-by":"publisher","DOI":"10.1145\/1880022.1880034"},{"key":"e_1_2_1_31_1","doi-asserted-by":"publisher","DOI":"10.1145\/2744207"},{"key":"e_1_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1109\/TSMCC.2008.919168"}],"container-title":["ACM Transactions on Management Information Systems"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2996470","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/2996470","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T04:23:11Z","timestamp":1750220591000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/2996470"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2016,12,15]]},"references-count":32,"journal-issue":{"issue":"4","published-print":{"date-parts":[[2017,1,20]]}},"alternative-id":["10.1145\/2996470"],"URL":"https:\/\/doi.org\/10.1145\/2996470","relation":{},"ISSN":["2158-656X","2158-6578"],"issn-type":[{"type":"print","value":"2158-656X"},{"type":"electronic","value":"2158-6578"}],"subject":[],"published":{"date-parts":[[2016,12,15]]},"assertion":[{"value":"2016-02-01","order":0,"name":"received","label":"Received","group":{"name":"publication_history","label":"Publication History"}},{"value":"2016-09-01","order":1,"name":"accepted","label":"Accepted","group":{"name":"publication_history","label":"Publication History"}},{"value":"2016-12-15","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}