Aligning Access Rights to Governance Needs with the Responsability MetaModel (ReMMo) in the Frame of Enterprise Architecture

Nowadays the economy relies on companies evolving in an increasingly highly regulated environment, having their operations strongly formalised and controlled, and being often organised following a bureaucratic approach. In such a context, aligning the business operations with the appropriate IT infrastructure is a challenging and critical activity. Without efficient business/IT alignment, these companies face the risk not to be able to deliver their business services satisfactorily and that their image is seriously altered and jeopardised. Among the many challenges of business/IT alignment is the access rights management which should be conducted considering the rising governance needs, such as taking into account the business actors' responsibility. Unfortunately, in this domain, we have observed that no solution, model and method, fully considers and integrates the new needs yet. Therefore, the thesis proposes firstly to define an expressive Responsibility metamodel, named ReMMo, which allows representing the existing responsibilities at the business layer and, thereby, allows engineering the access rights required to perform these responsibilities, at the application layer. Secondly, the Responsibility metamodel has been integrated with ArchiMate to enhance its usability and benefits from the enterprise architecture formalism. Finally, a method has been proposed to define the access rights more accurately, considering the alignment of ReMMo and RBAC. The research was realised following a design science and action design based research method and the results have been evaluated through an extended case study at the Centre Hospitalier de Luxembourg.