Integrating Supervisor Access Using Hybrid RBAC-ABAC In A Web-Based Research Permit Information System
A Case Study At Dr. Moewardi General Hospital
Abstract
The increasing demand for research activities in hospitals requires a secure, reliable and efficient information system to manage research permit applications. In many healthcare institutions, supervisory teams play a crucial role in monitoring research activities to ensure compliance with institutional policies and ethical standards. This study presents the integration of supervisory team access into the existing web-based Research Permit Information System at Dr. Moewardi General Hospital. The integration is designed to enable the supervisory team to directly access and review research data through the system, with access control aligned with the hospital's organizational hierarchy and regulations. To enhance security and handle some access scenarios, a hybrid access control model combining Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC) is implemented. RBAC is used to define role-specific permissions for different supervisory levels, ensuring consistent enforcement of access boundaries. ABAC complements this by allowing more granular, attribute-driven policies that improve adaptability to dynamic and context-specific access requirements. The proposed hybrid model strengthens system security and increases flexibility in access management for various supervisory roles. This approach demonstrates a practical and scalable solution for integrating multiple access control mechanisms in a healthcare research context.
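A sketch of the hybrid decision the abstract describes, added here as an illustration and not taken from the paper or the hospital's system: the role table gates the action first, attribute rules then narrow it, and anything not explicitly allowed is denied. The role names, actions, attributes and rules are all assumptions.

```python
from dataclasses import dataclass

# Hypothetical RBAC table: supervisory level -> actions that level may perform.
ROLE_PERMISSIONS = {
    "unit_supervisor": {"view_permit"},
    "department_supervisor": {"view_permit", "add_review_note"},
    "hospital_supervisor": {"view_permit", "add_review_note", "suspend_permit"},
}

@dataclass(frozen=True)
class User:
    name: str
    role: str
    department: str

@dataclass(frozen=True)
class Permit:
    department: str
    status: str       # assumed states: "submitted", "active", "closed"
    researcher: str

def failed_attribute_rules(user, action, permit):
    """ABAC step (assumed rules): return the names of the rules that fail."""
    failed = []
    # Scope: only the hospital-wide level may cross department boundaries.
    if user.role != "hospital_supervisor" and user.department != permit.department:
        failed.append("department_mismatch")
    # Separation of duties: nobody supervises their own research.
    if user.name == permit.researcher:
        failed.append("self_supervision")
    # State: anything other than viewing requires an active permit.
    if action != "view_permit" and permit.status != "active":
        failed.append("permit_not_active")
    return failed

def authorize(user, action, permit):
    """Return (allowed, reason); the reason string is suitable for an audit log."""
    if action not in ROLE_PERMISSIONS.get(user.role, set()):
        return False, "rbac:role_lacks_permission"   # unknown roles land here too
    failed = failed_attribute_rules(user, action, permit)
    if failed:
        return False, "abac:" + ",".join(failed)
    return True, "allowed"

if __name__ == "__main__":
    # Constructed sample data, not from the paper.
    sup = User("sari", "department_supervisor", "cardiology")
    print(authorize(sup, "add_review_note", Permit("cardiology", "active", "budi")))
    print(authorize(sup, "add_review_note", Permit("neurology", "active", "budi")))
```

Returning the failing rule alongside the decision lets the audit trail show whether a denial came from the role boundary or from an attribute condition.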










