For this assignment, we will learn about Management Permissions, Role Based Acce

Question

For this assignment, we will learn about Management Permissions, Role Based Access Control and Recipient Management (Chapters 12-13).

First a definition:

Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within an enterprise. In this context, access is the ability of an individual user to perform a specific task, such as view, create, or modify a file.

Now, go here to learn more about role based access control and role based security.  http://csrc.nist.gov/groups/SNS/rbac/ (Links to an external site.) or

https://support.rackspace.com/how-to/overview-role-based-access-control-rbac/ (Links to an external site.)

(Links to an external site.)

Write a 2 page APA formatted paper discussing the following:

1. The benefits of role based access security in general and and then list and describe other security options. How did RCAC control come to be created? Why?

2. How does MS Exchange Server implement RBAC for users? How does MS Exchange Server implement RBAC for administrators? Explain each and how they differ and why. (What tools are used and how to set these up and manage them.)

Explanation / Answer

1.The benefits of role based access security:

A role-based access control system might be the best choice for your growing business or organization. Here are just a few of the biggest benefits of these network security systems:

INCREASED SECURITY

Many companies rely on security when it comes to their network and data to protect their employees, customers and industry advantage. Role-based access control systems allow for that in an efficient and reliable way. When the system is designed and implemented, access and privilege for users is determined based on their role within the company (sometimes on a “need-to-know” basis). Once these roles are set, the desired level of security can be easily maintained for hundreds and thousands of employees.

MINIMAL ADMINISTRATIVE WORK

When a new employee is hired or if a current worker changes departments, role-based access control eliminates the need for time-wasting paperwork and password changes to grant and remove network access. These systems can be set up to allow for an easier switch of the designated role and faster assimilation into the workflow.

Once a system is designed and personalized for a company, it requires minimal maintenance and can be scaled for growth. Changes can be made quickly and globally from the manager’s computer and implemented across systems, platforms, applications and geographic locations.

DECREASED NECESSARY CUSTOMER SUPPORT

Using a different network security system can sometimes require a string of passwords. The more passwords assigned an employee, the more likely they are to forget them or need them reset. This can bog down your HR or IT departments when they could be focused on more important, revenue-driving projects. Role-based access control takes away that need for multiple passwords to prove privilege. Instead, it grants access based on the initial assigned role and assigned accessibility for that role.

Row and column access control (RCAC)

Row and column access control (RCAC) provide a data-centric alternative to achieve data security.

RCAC places access control at the table level around the data itself. SQL rules that are created on rows and columns are the basis of the implementation of this capability.

Row and column access control (RCAC) is an extra layer of data security for the dashDB™ database in the Enterprise plan. Row and column access control is sometimes referred to as fine-grained access control or FGAC. RCAC controls access to a table at the row level, column level, or both. RCAC can be used to complement the table privileges model.

To comply with various government regulations, you might implement procedures and methods to ensure that information is adequately protected. Individuals in your organization are granted access to only the subset of data that is required to complete their job tasks. For example, government regulations in your area might state that a doctor is authorized to view the medical records of their own patients, but not of other patients. The same regulations might also state that, unless a patient gives their consent, a healthcare provider is not granted access to patient personal information, such as the patients home phone number.

You can use row and column access control to ensure that your users have access to only the data that is required for their work. For example, a hospital system that is running a dashDB data warehouse and RCAC can filter patient information and data to include only the data that a particular doctor requires. Other patients do not exist as far as the doctor is concerned. Similarly, when a patient service representative queries the patient table at the same hospital, they are able to view the patient name and telephone number columns, but the medical history column is masked for them. If data is masked, a NULL, or an alternative value is displayed, instead of the actual medical history.

2.MS Exchange Server implement RBAC for administrators as follows

MS Exchange Server implement RBAC for Direct User Role Assignment as follows

Direct User Role assignment is an advanced, where in we can assign the management roles directly to a user or USG without using Role groups or Role assignment policies. This is little complex as we need to assign this individually.

Related Questions

Navigate

• Browse (All)
• Browse F
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.