In case of collaborative modeling, complex systems are de-
veloped by different stakeholders. To guarantee security,
access control policies need to be enforced during the col-
laboration. Levels of required confidentiality and integrity
may vary across modeling artifacts, and even features of a
single model element.
Fine-grained rule-based access control was proposed to
meet the needs of flexible and concise access control. Rule-
based policies are inherently subject to conflicts between
the rules; these conflicts should be interpreted in a consis-
tent but also predictable way that caters to the preferences
of the policy engineer.
We propose a deterministic, parameterizable resolution
strategy between conflicting rules to calculate effective ac-
cess permissions for each fact in the model. Our approach is
illustrated using a case study of the MONDO EU projec