User access management for university corporative automated information system

University automated information system is based on integration of data and advanced telecommunication infrastructure with great number of users (access subjects) with varied access rights to different data elements (access objects). Problem of minimization of information system user access privilege should be solved to provide effective corporate data protection. We present model of user access policy which joins restrictions of subject domain and capability access policy DBMS Oracle. Here restrictions of subject domain under permitted access are defined by user affiliation to hierarchy nodes that corresponds to university department organizing structure. Model provides flexible response to variation of user affiliation to nodes of university department hierarchy. It was implemented to Orenburg State University as a part of project "Orenburg State University Information Analysis System".