Need Help ?
support@radioactivetutors.com
Home / Expert Answers / Other / Description OVERVIEW In this exercise, you will develop a role-based access control (RBAC) matrix

Description OVERVIEW In this exercise, you will develop a role-based access control (RBAC) matrix ...

Description OVERVIEW In this exercise, you will develop a role-based access control (RBAC) matrix for user access control. RBAC matrices, as a security architecture concept, are a way of representing access control strategies visually. They help the practitioner ensure that the access control strategy aligns with the specific access control objectives. Matrices also help show when access controls may conflict with job roles and responsibilities. When you are completing this type of task, there are a few questions you should always be thinking about: Who gets to log into the system? Who gets to view what? What kind of data are you dealing with (basic data vs. information subject to privacy controls)? Who gets to add or delete? Who is view-only? Who should not have permission?  SCENARIO You are a security analyst for a healthcare firm assigned to create an RBAC matrix for a new software-as-a-service (SaaS) application for managing patient medical files. There are six individuals who have roles within the system and need varying levels of access to the medical patient software. Your objectives are to set up the RBAC matrix to: Ensure individuals have access to necessary information for their job role Maintain patient privacy by adhering to the Fundamental Security Design Principle of least privilege (i.e., business need-to-know) The following SaaS application parameters need to be determined: Access to patient information Access to employee information Access to the SaaS Access to backup logs  See the User Job Roles and Characteristics table below for information on the users, their roles in the organization, and their job descriptions. UsersJob RolesJob Characteristics NormanRemote call-center employee Has the ability to log into the medical SaaS as an employee, and has remote access to employee machines for purpose of fixing or diagnosing computer issues Has the ability to create user accounts and assign passwords Has no right to view patient information Has the ability to view the backup logs for important system information RyheadSales representative for the healthcare firm Has access to the software but only for showing potential new customers Has the ability to create dummy user accounts for demo purposes Has no ability to modify any patient information, and can only show screens for demo purposes Has no access to the backup logs SimoneHR representative for the healthcare firm Has the ability to log into the system Has no abilities with user accounts Has access to the software and employee records but should have no access to patient information Has no access to the backup logs JanetApplication administrator for the SaaS application Has full access to software, has the ability to change or modify settings in the system as needed, and has the ability to provide an override code Has the ability to view, create, modify, and delete user accounts Has no rights to change patient information Has the ability to view, modify, and delete backup logs for the SaaS DaleNurse Has access to the system for patient information. Has no abilities with user accounts. Has the ability to view, create, and modify patient information, but does not have the right to delete patient information without an override code Has no access to backup logs EthanAuditor Has the ability to log into the system but can only view information Has no abilities with user accounts Has no ability to create, modify, or delete patient information Has the ability to view backup logs PROMPT RBAC Matrix: Populate the RBAC matrix in the Module Four Activity Template using one or more of the necessary actions (view, create, modify, delete, none). Essential Questions: Answer the following short response questions based on your populated table in the template: What changes could be made to user roles through implementation of least privilege to better support that security design principle? (Hint: Refer to the characteristics in the scenario table above, and consider the characteristics that may be contradictory.) What is the importance of this tool to you as a security analyst in managing and protecting the environment? Provide an example.  Explanation & Answer: 1 Page User generated content is uploaded by users for the purposes of learning and should be used following Studypool's honor code & terms of service.





We have an Answer from Expert

View Expert Answer

Expert Answer

RBAC Matrix for SaaS Application:

The following table represents the Role-Based Access Control (RBAC) matrix for a healthcare SaaS application used to manage patient medical files. This matrix outlines the access rights for various user roles in the system based on their job responsibilities:

User Role

Patient Information

Employee Information

SaaS Access

Backup Logs

Norman

None

None

View

View

Ryhead

None

None

View

None

Simone

None

View

View

None

Janet

None

None

Full

View, Modify, Delete

Dale

View, Create, Modify

None

View

None

Ethan

None

None

View

View
We have an Answer from Expert

Buy This Answer $6

Radioactive Tutors

Radio Active Tutors is a freelance academic writing assistance company. We provide our assistance to the numerous clients looking for a professional writing service.

NEED A CUSTOMIZE PAPER ON THE ABOVE DETAILS?
Order Now

OR

Get outline(Guide) for this assignment at only $10

Get Outline $10

**Outline takes 30 min - 2 hrs depending on the complexity and size of the task
QUICK ORDER

Place a Quick Order

Our verified writers got you covered. Let us help you balance between studies, work, and family.

We provide our assistance to the numerous clients looking for a professional writing service.

Order Now

OR

Get outline for this assignment at only $10

Get Outline $10
Designed and developed by Brian Mubichi (mubix)
WhatsApp