Business processes and information systems evolve constantly and affect each other in
non-trivial ways. Aligning security requirements between both is a challenging task. This work
presents an automated approach to extract access control requirements from business processes
with the purpose of transforming them into a) access permissions for role-based access control
and b) architectural data flow constraints to identify violations of access control in
enterprise application architectures.
