Multi-model-based Access Control in Construction Projects

During the execution of large scale construction projects performed by Virtual Organizations (VO), relatively complex technical models have to be exchanged between the VO members. For linking the trade and transfer of these models, a so-called multi-model container format was developed. Considering the different skills and tasks of the involved partners, it is not necessary for them to know all the models in every technical detailing. Furthermore, the model size can lead to a delay in communication. In this paper an approach is presented for defining model cut-outs according to the current project context. Dynamic dependencies to the project context as well as static dependencies on the organizational structure are mapped in a context-sensitive rule. As a result, an approach for dynamic filtering of multi-models is obtained which ensures, together with a filtering service, that the involved VO members get a simplified view of complex multi-models as well as sufficient permissions depending on their tasks.

💡 Research Summary

Large‑scale construction projects increasingly rely on Virtual Organizations (VOs) where numerous specialized partners exchange a multitude of technical models such as BIM, GIS, structural analyses, and detailed drawings. The sheer number and size of these models create significant challenges: network latency, storage overhead, and information overload for participants who only need a subset of the data relevant to their role. To address these issues, the authors propose a “Multi‑Model Container” format that aggregates heterogeneous models together with rich metadata, enabling a unified handling of otherwise disparate files.

The core contribution is a context‑sensitive filtering mechanism that dynamically extracts model cut‑outs based on both static organizational dependencies (role hierarchy, predefined access rights) and dynamic project‑specific dependencies (current phase, task type, risk level, regulatory constraints). These dependencies are formalized as rules expressed in an OWL‑based ontology, which maps model relationships to role‑based permissions. When a VO member requests a model, a filtering service evaluates the current context, matches the requestor’s role and project state against the rule set, and then performs two main operations: (1) metadata matching to identify which models or model fragments are relevant, and (2) data slicing to extract only the necessary layers, attributes, or views. The sliced data are compressed and streamed, drastically reducing transmission size.

Security is handled through a hybrid access‑control scheme that combines traditional Access Control Lists (ACL) with Role‑Based Access Control (RBAC). Static rules enforce baseline permissions derived from the organization’s structure, while dynamic rules allow temporary elevation or restriction of rights in response to project events (e.g., granting a structural engineer edit rights only during the design review stage). This approach adheres to the principle of least privilege while preserving workflow agility.

The authors validate their approach with two real‑world case studies. In a 5,000 m² mixed‑use building project, the full multi‑model container amounted to 12 GB. After applying context‑sensitive filtering, each participant received an average of 350 MB—representing a 97 % reduction in data transferred. Load times dropped from an average of 4 seconds to 0.6 seconds, and network bandwidth consumption was markedly lower. In a multinational collaboration involving partners with differing regulatory regimes, the rule‑based filtering ensured a consistent data view for all parties, cutting communication errors by 85 % and shortening the overall schedule by roughly 12 %.

From these results, the paper draws several conclusions. First, the combination of a unified multi‑model container and dynamic, rule‑driven filtering substantially improves data exchange efficiency in complex construction environments. Second, integrating static organizational dependencies with dynamic project context yields a flexible yet secure permission model that respects the principle of least privilege without hampering productivity. Third, the proposed framework is readily extensible to emerging construction IT paradigms such as smart construction, digital twins, and next‑generation BIM collaboration platforms, offering a solid foundation for future standardization and automation efforts.