Access Control ( 6 points ) Identify each of the following access control mechan
ID: 3745472 • Letter: A
Question
Access Control (6 points)
Identify each of the following access control mechanisms described:
A company creates groups based upon job responsibilities. For an employee to perform any action in the company financial system, the system first verifies the employee's membership in the group granted authorization to perform the requested action.
A company creates a table with the columns being all the actions that can be performed in the company's ordering system. There is a row in the table for each employee. For each cell the in the table, there is boolean flag to indicate if the employee can perform that function.
An account manager has the ability add and review scans of receipts submitted by employees. However for the account manager to be able to share those receipts with someone else in the company, the account manager must make a request to the system administrator to change the permissions on the image to allow the access.
Explanation / Answer
Answer)
1) The first one here is the mandatory access control (MAC) as it is within the organization and every time the employee logs in a mandatory check are made to verify the authentication of the user.
2) This would be done as Role-Based Access Control Technology (RBAC) which is done based on the roles. The privileges, limitations are as per the role of the employes.
3) Here it is the Discretionary Access Control (DAC) where a permit to the organizations' system is to be decided by the internal executives and then granted access if authorized vendor.
Hope you like the answer. :)
Hit like if you find the answer useful. Thanks