Limitations and Issues
Currently available security measures and technologies can control access to networks, systems, applications, and even to some application functions. Which is fine but leaves a few unresolved issues including:

1. access vs function
limiting access to functionality is contrary to providing users with increased functionality, operations, and services;

2. authorization vs entitlement
once the user has access to a functionality, can he get all the data or just a subset, for example if he requests vehicle information from the company's fleet, does he get all the vehicles or just the ones for his department? in his location? Does he get all the information on these vehicles or just the technical but not the financial?

3. profiles vs 24/7
often (ex: J2EE) security profile definition is a deployment task so adding or changing them usually implies re-deployment, not always trivial, especially in 24/7 transactional mission-critical environments;

4. security vs application
passing the user profile to the application for the application to decide what action to take and what to return implies that the application logic, the business logic of the application is closely dependent on the security configuration which means that when security configuration changes, so will the application, requiring also re-testing and re-deployment, usually a very expensive proposition, especially in 24/7 mission-critical distributed portal environments;

5. security vs process
the load of security checking sits in the application's business logic layer, on (expensive) business application servers, while security should be separate process(es), typically on dedicated server(s), independent of business logic, yet fully supporting it;

6. security vs transform
data transform is essential for data exchange but usually separated from security, while transform, exchange, and security are really parts of the same process;

7. profiles and resources vs granularity
current profile and data access controls have limited granularity which can become a major constraint for virtual profiles and collaboration portal applications where richer structures require more (unlimited) granularity control.