A company has the following specifications describing the functions that the use
ID: 3750947 • Letter: A
Question
A company has the following specifications describing the functions that the users Alice, Bob, Charlie and John perform:
User: Functions
Alice: read account of Customer A; read account of Customer B; create project New Investment; own application Invoice Management; own application Customer Account
Bob: read account of Customer A; read account of Customer B; write in project New Investment; use application Customer Account
Charlie: read account of Customer A; read account of Customer B; use application Invoice Management; use application Customer Account
John: read account of Customer A; read account of Customer B; use application Customer Account
a) Propose a RBAC (Role-Based Access Control) model with Role Hierarchy to specify the above access rights to improve maintainability.
Explanation / Answer
Role-Based Access Control mainly grants access to the users in the organization based on their role in the organization.
This system will be useful when it is maintained with the correct roles assigned to the correct persons. So, before assigning roles to people we need to analyze the roles in the organization and what permissions need to be granted.
Analyzing and assigning the correct role and allowing them access to the correct data makes the system much more useful.
We can achieve the correct RBAC by following the PCI DSS and HIPAA standards, which will give some form of it.
This is not suitable for small to medium level companies. So, with proper implementation of RBAC the access rights assignments are systematic and repeatable once the controls are correctly established. That will be useful for us to audit easily.
The following steps will be useful for designing the RBAC for the organization:
1). Identify the major assets and what controls need to be implemented, for example HR Management, Web Apps Management, ...
2). Find out the roles that need to be assigned, and create the roles.
3). Assign the correct roles to the correct people.
4). Make sure any role or access change happens with proper authentication and proper authorization only.
5). Review the data periodically, to check whether the access control is in place or not.
So, by following these steps we can build a proper RBAC model.
Some tools which can help us to develop RBAC are: Microsoft Active Directory, Okta, Identity Management System, ...
The main parts in the given scenario will be Subject, Employee, Role, and Organization.
The RBAC will follow:
Hope this fulfills your requirements; I have taken the roles and assignment of rights as per the given content and my thinking.
If you have any doubts in any area please do comment and I will try to respond as soon as possible. Sorry, I don't have picture creation tools, if you were expecting a picture. I am ready to explain if you want clarification, but the description is enough for your question.
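The following is an added worked example, not part of the question or the answer above: a small RBAC engine in Python in which senior roles inherit the permissions of junior roles, loaded with the user/function table from the question. The particular role decomposition (Reader, Employee, ProjectMember, Accountant, Manager) is one possible hierarchy chosen for this example, not an answer key from the page; the verify() step shows how to check that the effective permissions of each user are exactly those in the specification, so that the hierarchy neither drops a required function nor silently grants an extra one (the least-privilege check an auditor would want).

```python
"""Minimal RBAC with a role hierarchy: a senior role inherits every permission
of the junior roles it is declared to inherit from.

Only the user/function table comes from the question; the role names and the
hierarchy are assumptions made for this example.
"""
from collections import namedtuple

Permission = namedtuple("Permission", ["action", "resource"])


class RBAC:
    def __init__(self):
        self.role_perms = {}     # role -> set of Permission granted directly
        self.role_juniors = {}   # role -> set of junior roles it inherits from
        self.user_roles = {}     # user -> set of assigned roles

    def add_role(self, role, perms=(), inherits=()):
        for junior in inherits:
            if junior not in self.role_perms:
                raise KeyError(f"unknown junior role {junior!r}")
        self.role_perms[role] = {Permission(*p) for p in perms}
        self.role_juniors[role] = set(inherits)

    def assign(self, user, *roles):
        self.user_roles.setdefault(user, set()).update(roles)

    def effective_role_perms(self, role):
        # Walk the hierarchy downward; the visited set also guards against cycles.
        seen, stack, perms = set(), [role], set()
        while stack:
            r = stack.pop()
            if r in seen:
                continue
            seen.add(r)
            perms |= self.role_perms[r]
            stack.extend(self.role_juniors[r])
        return perms

    def effective_user_perms(self, user):
        perms = set()
        for role in self.user_roles.get(user, ()):
            perms |= self.effective_role_perms(role)
        return perms

    def check(self, user, action, resource):
        return Permission(action, resource) in self.effective_user_perms(user)


# Specification transcribed from the question's table.
SPEC = {
    "Alice": {("read", "account of Customer A"), ("read", "account of Customer B"),
              ("create", "project New Investment"),
              ("own", "application Invoice Management"),
              ("own", "application Customer Account")},
    "Bob": {("read", "account of Customer A"), ("read", "account of Customer B"),
            ("write", "project New Investment"),
            ("use", "application Customer Account")},
    "Charlie": {("read", "account of Customer A"), ("read", "account of Customer B"),
                ("use", "application Invoice Management"),
                ("use", "application Customer Account")},
    "John": {("read", "account of Customer A"), ("read", "account of Customer B"),
             ("use", "application Customer Account")},
}


def build_model():
    """One assumed hierarchy that reproduces SPEC exactly."""
    rbac = RBAC()
    rbac.add_role("Reader", [("read", "account of Customer A"),
                             ("read", "account of Customer B")])
    rbac.add_role("Employee", [("use", "application Customer Account")], inherits=["Reader"])
    rbac.add_role("ProjectMember", [("write", "project New Investment")], inherits=["Employee"])
    rbac.add_role("Accountant", [("use", "application Invoice Management")], inherits=["Employee"])
    # Alice owns the applications rather than merely using them, so Manager
    # inherits only Reader; otherwise she would gain an unlisted "use" right.
    rbac.add_role("Manager", [("create", "project New Investment"),
                              ("own", "application Invoice Management"),
                              ("own", "application Customer Account")], inherits=["Reader"])
    rbac.assign("Alice", "Manager")
    rbac.assign("Bob", "ProjectMember")
    rbac.assign("Charlie", "Accountant")
    rbac.assign("John", "Employee")
    return rbac


def verify(rbac, spec):
    """Return {user: (missing, extra)} for every user whose effective permissions
    differ from the specification; an empty dict means the model is exact."""
    problems = {}
    for user, wanted in spec.items():
        want = {Permission(*p) for p in wanted}
        have = rbac.effective_user_perms(user)
        if want != have:
            problems[user] = (want - have, have - want)
    return problems


if __name__ == "__main__":
    model = build_model()
    print("mismatches:", verify(model, SPEC))
    print("Bob may write project:", model.check("Bob", "write", "project New Investment"))
```

Adding a new employee now means assigning one role rather than copying a list of functions, and verify() can be re-run whenever the hierarchy changes to catch accidental over-granting through inheritance.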