Role-Aware Security Models Embedded Within Workflow Engines for Compliance Platforms
DOI:
https://doi.org/10.63282/3050-9262.IJAIDSML-V7I2P119Keywords:
Role-Based Access Control, Workflow Security, Compliance Platforms, Segregation of Duties, Auditability, Low-Code SecurityAbstract
Compliance platforms in regulated environments must enforce granular, auditable access controls that adapt to dynamic investigative workflows. Static role-based access control (RBAC) models are insufficient for modern compliance operations where permissions must evolve with workflow state, case context, and regulatory constraints. This paper proposes a role-aware security model embedded within workflow engines that combines RBAC with contextual policy evaluation and decision-state tracking. The framework introduces workflow-bound authorization, segregation-of-duties enforcement, and comprehensive audit logging aligned with regulatory expectations. A hybrid low-code and pro-code architecture is presented to enable scalable implementation across enterprise systems while preserving governance and performance (Vadlamudi, 2026). The approach enhances transparency, reduces operational risk, and supports regulator-ready evidence reconstruction.
References
[1] Vadlamudi, S. (2026). Low-code and pro-code hybrid architecture for financial and federal regulatory agencies. International Journal of Emerging Trends in Computer Science and Information Technology, 7(1), 197–200. https://doi.org/10.63282/3050-9246.IJETCSIT-V7I1P129
[2] Ferraiolo, D., Kuhn, D., & Chandramouli, R. (2003). Role-based access control. Artech House.
[3] National Institute of Standards and Technology. (2020). Security and privacy controls for information systems and organizations (SP 800-53 Rev. 5).
[4] International Organization for Standardization. (2018). ISO 31000: Risk management guidelines.
[5] Deloitte. (2021). Modernizing compliance technology platforms.
[6] KPMG. (2022). Automation in anti-money laundering compliance.
[7] Financial Action Task Force. (2020). Guidance on digital identity for customer due diligence.
