Activity: Role-Based Access Control (RBAC) Matrix
In this exercise, you will develop a role-based access control (RBAC) matrix for user access control. RBAC matrices, as a security architecture concept, are a way
of representing access control strategies visually. They help the practitioner ensure that the access control strategy aligns with the specific access control
objectives. Matrices also help show when access controls may conflict with job roles and responsibilities. When you are completing this type of task, there are a
few questions you should always be thinking about:
· Who gets to log into the system?
· Who gets to view what?
· What kind of data are you dealing with (basic data vs. information subject to privacy controls)?
· Who gets to add or delete? Who is view-only?
· Who should not have permission?
An example of an RBAC matrix can be found in Fundamentals of Information Systems Security, Chapter 5 (“Role-Based Access Control” section), linked in the
Module Four Reading and Resources section of your course.
You are a security analyst for a healthcare firm assigned to create an RBAC matrix for a new software-as-a-service (SaaS) application for managing patient
medical files. There are six individuals who have roles within the system and need varying levels of access to the medical patient software. Your objectives are to
set up the RBAC matrix to:
· Ensure individuals have access to necessary information for their job role
· Maintain patient privacy by adhering to the Fundamental Security Design Principle of least privilege (i.e., business need-to-know)
The following SaaS application parameters need to be determined:
1. Access to patient information
2. Access to employee information
3. Access to the SaaS
4. Access to backup logs
See the User Job Roles and Characteristics table below for information on the users, their roles in the organization, and their job descriptions.
Specifically, you must address the critical elements listed below:
I. RBAC Matrix: Populate the RBAC matrix in the Module Four Activity Template using one or more of the necessary actions (view, create, modify, delete,
II. Essential Questions: Answer the following short response questions based on your populated table in the template:
A. What changes could be made to user roles through implementation of least privilege to better support that security design principle? (Hint:
Refer to the characteristics in the scenario table above, and consider the characteristics that may be contradictory.)
B. What is the importance of this tool to you as a security analyst in managing and protecting the environment? Provide an example.
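The following is an added worked example, not part of the course activity text or its template, of how the matrix described above can be encoded as data and checked mechanically. It uses the four SaaS parameters and the actions view/create/modify/delete from the activity, but the roles, their grants and their job-role needs are constructed placeholders (the six roles from the User Job Roles and Characteristics table are not reproduced here). It shows a default-deny permission check, a plain-text rendering of the matrix, and a least-privilege audit that lists grants beyond business need-to-know (over-grants) as well as necessary access the role lacks (under-grants), which is exactly the comparison Essential Question A asks for.

```python
"""RBAC matrix as data, plus a default-deny check and a least-privilege audit.

Added example; the roles and their needs below are constructed placeholders,
not the course's job-role table.
"""

ACTIONS = ("view", "create", "modify", "delete")
RESOURCES = (
    "patient_information",
    "employee_information",
    "saas_application",
    "backup_logs",
)

# RBAC matrix: role -> resource -> set of granted actions.
# Constructed sample grants. A resource that is absent for a role means no access.
MATRIX = {
    "physician": {
        "patient_information": {"view", "create", "modify"},
        "saas_application": {"view"},
    },
    "hr_manager": {
        "employee_information": {"view", "create", "modify", "delete"},
        "saas_application": {"view"},
    },
    "system_administrator": {
        "saas_application": {"view", "create", "modify", "delete"},
        "backup_logs": {"view", "create", "modify", "delete"},
        # Deliberate over-grant in the sample: administering the platform does
        # not create a business need-to-know for patient records.
        "patient_information": {"view"},
    },
    "billing_clerk": {
        "saas_application": {"view"},
    },
}

# Business need-to-know per role (what each job description actually requires).
# Constructed; in the activity this is derived from the job-role characteristics.
NEEDS = {
    "physician": {
        "patient_information": {"view", "create", "modify"},
        "saas_application": {"view"},
    },
    "hr_manager": {
        "employee_information": {"view", "create", "modify", "delete"},
        "saas_application": {"view"},
    },
    "system_administrator": {
        "saas_application": {"view", "create", "modify", "delete"},
        "backup_logs": {"view", "create", "modify", "delete"},
    },
    # The clerk needs read access to patient records but the matrix omits it:
    # an under-grant the audit should surface.
    "billing_clerk": {
        "patient_information": {"view"},
        "saas_application": {"view"},
    },
}


def is_allowed(matrix, role, action, resource):
    """Default deny: anything not explicitly granted in the matrix is refused."""
    if action not in ACTIONS or resource not in RESOURCES:
        raise ValueError(f"unknown action/resource: {action}/{resource}")
    return action in matrix.get(role, {}).get(resource, set())


def audit_least_privilege(matrix, needs):
    """Compare grants with needs.

    Returns (over_grants, under_grants); each is a list of (role, resource, action).
    Over-grants violate least privilege; under-grants block the role from doing its job.
    """
    over, under = [], []
    for role in sorted(set(matrix) | set(needs)):
        granted = matrix.get(role, {})
        required = needs.get(role, {})
        for resource in RESOURCES:
            g = granted.get(resource, set())
            r = required.get(resource, set())
            over.extend((role, resource, a) for a in sorted(g - r))
            under.extend((role, resource, a) for a in sorted(r - g))
    return over, under


def render_matrix(matrix):
    """Rows of role x resource, each cell a string of action initials (V/C/M/D) or '-'."""
    rows = [["role", *RESOURCES]]
    for role in sorted(matrix):
        row = [role]
        for resource in RESOURCES:
            acts = matrix[role].get(resource, set())
            row.append("".join(a[0].upper() for a in ACTIONS if a in acts) or "-")
        rows.append(row)
    return rows


if __name__ == "__main__":
    for row in render_matrix(MATRIX):
        print(" | ".join(f"{cell:22}" for cell in row))
    over, under = audit_least_privilege(MATRIX, NEEDS)
    print("over-grants (least-privilege violations):", over)
    print("under-grants (missing necessary access):", under)
```

Reading the output the way the activity intends: every row in the over-grant list is a candidate change for Essential Question A (remove the grant, or split the role), while every under-grant row shows a job role the matrix would prevent from working. Because `is_allowed` is default-deny, a blank cell in the matrix is an explicit "no permission" decision rather than an unanswered question.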
Guidelines for Submission: Submit the completed RBAC matrix and short response questions in the Module Four Activity Template. You may also submit this
activity in your own Microsoft Word document, but your submission must contain the same elements as the template. Your submission should be 1–2 pages in
length (plus a cover page and references, if used) and written in APA format. Use double spacing, 12-point Times New Roman font, and one-inch margins. The
file name should include the course code, assignment number, and your name—for example, CYB_200_Module_Four_Activity_Neo_Anderson.docx.