Computer Science Role Based Access Control Matrix Paper

Overview

In this exercise, you will develop a role-based access control (RBAC) matrix for user access control. RBAC matrices, as a security architecture concept, are a way of representing access control strategies visually. They help the practitioner ensure that the access control strategy aligns with the specific access control objectives. Matrices also help show when access controls may conflict with job roles and responsibilities. When you are completing this type of task, there are a few questions you should always be thinking about:

You are a security analyst for a healthcare firm assigned to create an RBAC matrix for a new software-as-a-service (SaaS) application for managing patient medical files. There are six individuals who have roles within the system and need varying levels of access to the medical patient software. Your objectives are to set up the RBAC matrix to:

The following SaaS application parameters need to be determined:

See the User Job Roles and Characteristics table below for information on the users, their roles in the organization, and their job descriptions.

- Has no right to view patient information
- Has the ability to view the backup logs for important system information

Ryhead: Sales representative for the healthcare firm
- Has access to the software but only for showing potential new customers
- Has the ability to create dummy user accounts for demo purposes
- Has no ability to modify any patient information, and can only show screens for demo purposes
- Has no access to the backup logs

Simone: HR representative for the healthcare firm
- Has the ability to log into the system
- Has no abilities with user accounts
- Has access to the software and employee records but should have no access to patient information
- Has no access to the backup logs

Janet: Application administrator for the SaaS application
- Has full access to software, has the ability to change or modify settings in the system as needed, and has the ability to provide an override code
- Has the ability to view, create, modify, and delete user accounts
- Has no rights to change patient information
- Has the ability to view, create, and modify patient information, but does not have the right to delete patient information without an override code
- Has no access to backup logs

Ethan: Auditor
- Has the ability to log into the system but can only view information
- Has no abilities with user accounts
- Has no ability to create, modify, or delete patient information
- Has the ability to view backup logs
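
As an added example (not part of the original exercise), the statements listed under the four named users can be folded into a default-deny matrix that also reports the cells where those statements disagree, which is the conflict-spotting use of a matrix the overview mentions. The resource names, the allow/deny/override labels, the view level assumed for employee records, and the rule that an explicit deny beats any grant are assumptions of this example.

```python
from collections import defaultdict

ACTIONS = ("view", "create", "modify", "delete")
CHANGE = ("create", "modify", "delete")
# (user, resource, actions, effect) for the four users named on the page, in
# page order. Resource names and the effect labels are assumptions:
# "allow", "deny", or "override" (granted only when an override code is given).
STATEMENTS = [
    ("Ryhead", "user_accounts", ("create",), "allow"),  # dummy demo accounts
    ("Ryhead", "patient_info", ("modify",), "deny"),
    ("Ryhead", "backup_logs", ("view",), "deny"),
    ("Simone", "user_accounts", ACTIONS, "deny"),
    ("Simone", "employee_records", ("view",), "allow"),  # access level assumed
    ("Simone", "patient_info", ACTIONS, "deny"),
    ("Simone", "backup_logs", ("view",), "deny"),
    ("Janet", "user_accounts", ACTIONS, "allow"),
    ("Janet", "patient_info", CHANGE, "deny"),
    ("Janet", "patient_info", ("view", "create", "modify"), "allow"),
    ("Janet", "patient_info", ("delete",), "override"),
    ("Janet", "backup_logs", ("view",), "deny"),
    ("Ethan", "user_accounts", ACTIONS, "deny"),
    ("Ethan", "patient_info", CHANGE, "deny"),
    ("Ethan", "backup_logs", ("view",), "allow"),
]

def build_matrix(statements):
    """Fold the statements into {(user, resource, action): set of effects}."""
    cells = defaultdict(set)
    for user, resource, actions, effect in statements:
        for action in actions:
            cells[(user, resource, action)].add(effect)
    return cells

def conflicts(cells):
    """Cells where a deny sits beside an allow or override grant."""
    return sorted(k for k, eff in cells.items() if "deny" in eff and len(eff) > 1)

def is_allowed(cells, user, resource, action, override_code=False):
    """Default deny; an explicit deny beats any grant; override needs the code."""
    effects = cells.get((user, resource, action), set())
    if "deny" in effects:
        return False
    return "allow" in effects or ("override" in effects and override_code)

MATRIX = build_matrix(STATEMENTS)

if __name__ == "__main__":
    for cell in conflicts(MATRIX):
        print("conflicting statements:", cell)
```

Run on the statements as listed, the check reports three patient-information cells under Janet, and the deny-overrides rule keeps them closed until the role definition is settled.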