In this exercise, you will develop a role-based access control matrix for a fictitious IT department. Given a list of job titles, you will develop an access matrix that specifies which job titles are permitted to perform which roles.
The job titles are: System Engineer I, System Engineer II, Network Administrator, System Engineering Manager, Security Administrator I, Security Administrator II, Security Manager, and IT Manager.
The roles are: Review end user account request, Approve end user account request, Create end user account, Audit end user accounts, Review end user file server access request, Approve end user file server access request, Perform end user file server access change, Audit end user file system permissions.
When you map job titles to roles, make sure that there is adequate “separation of duties.” For instance, someone who approves requests should not be the same person who fulfills requests—and someone else altogether needs to audit requests.