You are a security analyst for a healthcare firm assigned to create an RBAC matrix for a new
software-as-a-service (SaaS) application for managing patient medical files. There are six
individuals who have roles within the system and need varying levels of access to the medical
patient software. Your objectives are to set up the RBAC matrix to:
• Ensure individuals have access to necessary information for their job role
• Maintain patient privacy by adhering to the Fundamental Security Design Principle of
least privilege (i.e., business need-to-know)
The following SaaS application parameters need to be determined:
1. Access to patient information
2. Access to employee information/nCYB 200 Module Four Activity Template
After reviewing the scenario in the Module Four Activity Guidelines and Rubric document, fill in each cell with one or more of the following actions:
View
Create
Modify
Delete
None
User name
Norman
Ryhead
Simone
Janet
Dale
Ethan
Patient information
Employee information
Access to the SaaS
Access to backup logs
After you have completed the table above, respond to the following short questions:
1. What changes could be made to user roles through implementation of least privilege to better support that security design principle? (Hint: Refer to the
characteristics in the user job roles and characteristics table in the scenario, and consider the characteristics that may be contradictory.)
2. What is the importance of this tool to you as a security analyst in managing and protecting the environment? Provide an example.
Fig: 1
Fig: 2