Abstract: Nowadays the economy relies on companies evolving in an increasingly highly regulated environment, having their operations
strongly formalised and controlled, and being often organised following a bureaucratic approach. In such a context, aligning
the business operations with the appropriate IT infrastructure is a challenging and critical activity. Without efficient business/IT
alignment, these companies face the risk not to be able to deliver their business services satisfactorily and that their image
is seriously altered and jeopardised. Among the many challenges of business/IT alignment is the access rights management which
should be conducted considering the rising governance needs, such as taking into account the business actors' responsibility.
Unfortunately, in this domain, we have observed that no solution, model and method, fully considers and integrates the new
needs yet. Therefore, the thesis proposes firstly to define an expressive Responsibility metamodel, named ReMMo, which allows
representing the existing responsibilities at the business layer and, thereby, allows engineering the access rights required
to perform these responsibilities, at the application layer. Secondly, the Responsibility metamodel has been integrated with
ArchiMate to enhance its usability and benefits from the enterprise architecture formalism. Finally, a method has been proposed
to define the access rights more accurately, considering the alignment of ReMMo and RBAC. The research was realised following
a design science and action design based research method and the results have been evaluated through an extended case study
at the Centre Hospitalier de Luxembourg.