Business enterprise systems form the backbone of most modern enterprises. Consequently, access control systems are becoming more and more important (e.g., for controlling access to data and business processes). Further, the number of businesses that operate in regulated markets (e.g., markets in which compliance regulations are applicable) is increasing. Such compliance regulations, along with the increased awareness of information technology (IT) security, result in a need for flexibility and adaptability in business access control models. In general, this leads to the need for complex and dynamic access control policies as well as a significant increase in the costs for manual system audits.