
You are the administrator for a tracking system application for a Human Resource


Question

You are the administrator for a tracking system application for a Human Resources (HR) Department that tracks different employee cases, such as processing retirements or changing health benefits, for ACME Inc. There are different permissions that different members of the HR staff need to execute on the cases to perform their duties. The available permissions that may be accomplished for each case are:
Read a case – you can open a case and view the contents.
Create a case – you can make a new case and save it.
Update a case – you can open a saved case, make changes to it and save the changes.
Search a case – you can search for cases using criteria and get returned cases that match the criteria.
Delete a case – you can delete an entire case.
Assign a case – you can assign a case to someone else to be worked on.
A. I want to have a set of HR managers that can perform all of the functions above.
B. I want to also have a separate set of HR personnel that can do everything except for alter or delete cases.
C. I want to have a separate set of HR personnel that can open and make changes to a case but only after it is assigned to them.
D. I also want a separate set so that if an ACME employee calls the HR helpdesk with a problem, the HR personnel that answers the phone should be able to: search for their case, look at its contents, and either make the appropriate changes or assign it to the group responsible for making the changes.
1. Out of Discretionary Access Control, Mandatory Access Control, and Role Based Access Control, which access control method (choose only one) is best at accommodating these permissions and why?
2. Using least privilege principles, list all of the different permissions you would assign to accomplish the functions above for each set of requirements. Again, using least privilege, include what permissions each group would have (Read, Create, Update, Search, Delete, and Assign).
List the permissions for A:
List the permissions for B:
List the permissions for C:
List the permissions for D:

Explanation / Answer

Answer:

Role Based Access Control is implemented as three entities, namely User, Role and Permission.

Here the relationship between User and Permission is a many-to-many relationship, i.e. a user can have n number of permissions for the assigned job. Likewise, a permission is assigned to more than one user.

Between Role and Permission there exists a many-to-many relationship.

In our case each person is assigned a different task and needs different permissions. Role Based Access Control will be the best at accommodating these permissions.

Using least privilege permissions we will assign permissions to the four groups based on requirements.

List the permissions for A:

Since A will have HR managers who do all the tasks, we can assign Create, Update, Search, and Assign permissions to this group.

List the permissions for B:

Since B will have HR managers who do tasks other than altering or deleting cases, we can assign Create, Search, and Assign permissions to this group.

List the permissions for C:

The HR people in group C update cases after the case has been assigned to them. They need Assign and Update permissions.

List the permissions for D:

We can assign Search, Update, and Assign permissions to the D group.
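
The user/role/permission model described above can be sketched as a small Python authorization check. This is an added example, not part of the original question or answer: the role names, user names and the `ASSIGNED_ONLY` constraint are hypothetical, and the permission sets are one reading of requirements A to D as worded in the question, not the lists given in the answer.

```python
from dataclasses import dataclass
from enum import Enum, auto
from typing import Optional

class Perm(Enum):
    READ = auto(); CREATE = auto(); UPDATE = auto()
    SEARCH = auto(); DELETE = auto(); ASSIGN = auto()

ALL = frozenset(Perm)

# Role -> permissions (many-to-many). Role names are hypothetical;
# the sets follow the wording of requirements A-D in the question.
ROLE_PERMS = {
    "hr_manager":    ALL,                                          # A
    "hr_intake":     ALL - {Perm.UPDATE, Perm.DELETE},             # B
    "hr_caseworker": frozenset({Perm.READ, Perm.UPDATE}),          # C
    "hr_helpdesk":   frozenset({Perm.SEARCH, Perm.READ,
                                Perm.UPDATE, Perm.ASSIGN}),        # D
}
# Roles whose permissions apply only to cases assigned to the caller (C).
ASSIGNED_ONLY = {"hr_caseworker"}

# User -> roles (many-to-many). Constructed sample users.
USER_ROLES = {
    "alice": {"hr_manager"}, "bob": {"hr_intake"},
    "carol": {"hr_caseworker"}, "dave": {"hr_helpdesk"},
}

@dataclass
class Case:
    case_id: int
    assignee: Optional[str] = None

def is_allowed(user: str, perm: Perm, case: Optional[Case] = None) -> bool:
    """Default deny: allow only if some role of the user grants perm
    and any per-case constraint attached to that role is satisfied."""
    for role in USER_ROLES.get(user, ()):
        if perm not in ROLE_PERMS.get(role, frozenset()):
            continue
        if role in ASSIGNED_ONLY and (case is None or case.assignee != user):
            continue  # role grants perm, but not on this case
        return True
    return False

def assign(actor: str, case: Case, new_assignee: str) -> None:
    """Reassign a case; the actor must hold ASSIGN on it."""
    if not is_allowed(actor, Perm.ASSIGN, case):
        raise PermissionError(f"{actor} may not assign case {case.case_id}")
    case.assignee = new_assignee
```

Requirement C cannot be expressed by a role-to-permission table alone, which is why the check also takes the case and compares its assignee with the caller.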
