Question
I would really appreciate help with this question.
Your manager wants to implement RBAC functionality. Your shop uses a UNIX system. You do not have a system with an implementation of RBAC available to you. You have the basic capabilities of UNIX/LINUX (e.g. groups, permissions, utilities, scripting) at your disposal for access control and implementing your infrastructure. You also have access control list functionality and sudo available.
Discuss how far you can go implementing RBAC functionality with the tools at your disposal. Show some of the constructs you would use.
What RBAC functionality would be difficult or not practical to implement?
This assignment requires some detail so please be as thorough as possible when writing the answer.
Thank You
Explanation / Answer
Answer:
It is very simple to implement the RBAC functionality with the following capabilities of UNIX/LINUX mentioned in the problem.
First of all,
a) Design the roles you need.
b) Give them each a name in a consistent naming pattern.
c) Create a group account for each of those roles.
d) Assign users as members of the groups as appropriate for their roles.
e) Then, in sudoers, assign the set of permitted commands for sudo based upon the need of the named role ("%group" permissions).
f) Then, assign FACLs to the files and/or directories and/or remote filesystem mounts that pertain to those same groups.
Make sure that groups that are role-based are prohibited from having any other meaning in your organisation.
RBAC Challenges:
Implementing RBAC comes with its challenges:
a) It takes time and effort to determine the permissions each role will be assigned.
b) A static template for rolling out RBAC cannot be used for all organizations because business needs tend to differ.
c) Flat RBAC requires user-role assignment review whereby the roles assigned to a user. The same kind of requirement is difficult to implement in large-scale distributed systems.
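
Steps a) to f) of the answer above, written as a plan generator. This is an added example, not part of the original answer: the `role_` prefix, the role name, users, command and path are constructed assumptions, and the script only prints the commands so they can be reviewed before being run as root.

```shell
#!/bin/sh
# Added example: turn a role definition into the groupadd / sudoers / setfacl
# steps from the answer. It only prints the plan; nothing is changed on the host.
# All role names, users, commands and paths below are constructed samples.

ROLE_PREFIX="role_"   # assumed naming pattern: every role group starts with role_

# Echo the group name for a role, rejecting names outside the pattern.
role_group() {
    case "$1" in
        ""|*[!a-z0-9_]*) echo "invalid role name: $1" >&2; return 1 ;;
    esac
    printf '%s%s\n' "$ROLE_PREFIX" "$1"
}

# sudoers line granting a role group a comma-separated list of full-path commands.
sudoers_line() {   # $1=role  $2="cmd1, cmd2"
    g=$(role_group "$1") || return 1
    printf '%%%s ALL=(root) %s\n' "$g" "$2"
}

# Print the full plan for one role.
role_plan() {   # $1=role $2="user1 user2" $3="cmds" $4=perms $5="path1 path2"
    g=$(role_group "$1") || return 1
    echo "groupadd $g"
    for u in $2; do echo "gpasswd -a $u $g"; done
    echo "# /etc/sudoers.d/$g (check with: visudo -cf /etc/sudoers.d/$g)"
    sudoers_line "$1" "$3"
    for p in $5; do
        echo "setfacl -R -m g:$g:$4 $p"       # access ACL on existing files
        echo "setfacl -R -d -m g:$g:$4 $p"    # default ACL so new files inherit it
    done
}

# Review helper: list members of every role group from `getent group` output on stdin.
role_members() {
    awk -F: -v pre="$ROLE_PREFIX" 'index($1, pre) == 1 { print $1 ": " $4 }'
}

# Constructed sample role: DBAs may restart PostgreSQL and work in /srv/pgdata.
role_plan dba "alice bob" "/usr/bin/systemctl restart postgresql" rwX "/srv/pgdata"
```

Running `getent group | role_members` gives a per-role membership list for the user-role assignment review mentioned under the challenges.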