Coping with Access Control Requirements in the Context of Mutual Dependencies between Business and IT.