Distributed Systems: Architecture, Threats, Control, and Roles
Recently role based access control has used roles to improve career profiles of a group because they have mandates to fulfill their tasks (Strembeck 2005). Large company with various duties has increased number of roles some of which overlap in terms of functions and permissions. Role graphs are so essential in order to simplify administration and permissions (Ferraiolo et al, 2003).
Riordan uses human resource information systems to describe organizational make up of a company. However, Human Resource System lacks a strong Organizational chart required to establish inheritance link on a number of roles. Role graphs explain clearly each job classification and its assignments. This paper will analyze the different roles within the human resource clerk, human resource supervisor, human resource manager and the information technology support staff. These roles can be shown simply by use of an organization chart attached herein.
Human Resource Clerk
The main duty of a Human Resource clerk is to promote the Human resource supervisor with daily assignments. These duties extend to research on new employees skills, proposed wages, promotions, regular duties and handling of new recruitment. With these duties, a human resource clerk requires approval and access to information relating to company employees. This access includes permission to access personnel files in both the branch office and the home office. The human resource clerk will also have permission to access training materials for lower level employees apart from those that they also need to undertake some training. The human resource clerk authorization does not extend to senior level employees due to varying interest capable of bringing problems (Eliashberg, et. al., 2008). The human resource clerk has limited internet access to those sites relating to jobs hunting.
Human Resource Supervisor
The Human resource supervisor in a company handles same general functions as a human resource clerk. However, duties of this section include helping the human resource manager with communication between head office and its branches. Human resource supervisor is permitted to access same files as a human resource clerk and other auxiliary files. The human resource officer can access files on all lower employees in all offices but has limited restrictions to files relating to his superiors. Therefore, human resource supervisors enjoy low-level access for all offices that are not theirs. The human resource supervisor enjoys permission to access all training materials and programs for lower level employees. Unlike the human resource clerk, the human resource supervisor has extended and unlimited internet access except for standard blocked sites. This allows them access to any site that relate to common job hunting.
Human Resource Manager
The human resource manager takes responsibility for all functions of the Human resource supervisor and human resource clerk. The human resource manager coordinates setting up of all meetings, company functions, communication between offices and all training. The human resource manager enjoys no restrictions and has more access above the level of authorization for the human resource supervisor. The human resource manager has no restrictions to any of the employee’s files both at home office and all other branch offices. The human resource manager accesses all training materials in all offices and enjoys no internet restrictions apart from normal blocked sites.
The human resource manager is also privy to complete association email list and can send emails to any employee. This manager also enjoys physical access to the entire organization premises in order to allow tours to approved areas and provide authorization assistance to workers whenever necessary. Security checks to verify that indeed the human resource manager is the one using the computer helps to avoid any security issue. When human resource managers try to access files for senior level employees, there is usually another logon screen requiring additional verification.
IT Support Staff
IT support staff have different job specifications from human resource personnel. Their roles include taking care of maintenance and general computer support for all employees. Maintenance involves updating; repairing damaged computers and setting up of new computers for new employees, the IT support staff has permission to access any computer in the company apart from the server (Strembeck, 2005). Like the human resource manager, information technology support staff enjoys total physical access to organizations building especially anywhere there are computers or computer supplies. The IT support officer can access most data files such as server, programmer’s files, telecommunication files and confidential employee files except those that relate to specific higher-level employees. The company policy restricts IT support staff from accessing files for higher-level employees due to conflict of interest. Through an access control system statement modeled by RBAC, it is possible to deny authorization (Mahalik, Xie, Pu, and Moore, 2006). To obtain these records requires additional login.
Conclusion
This paper has explained the four main roles in terms of access, restrictions and policies explaining the relationship restrictions between these different roles. This can be explained better using a role graph that shows levels of authority and data access within an organization. Role graph gives administrators leadership capability and allows them to seek further permission whenever there are errors. Role graphs require updating with the growth of the company in order to incorporate new offices and their roles.
Eliashberg, J., et. al., (2008) "Globally distributed R&D work in marketing management
support
systems (MMSS) environment: a knowledge management perspective", Journal of
Advances in Management Research, 5 (1), pp.7 - 20
Ferraiolo, D.F, Kuhn, D.R., Chadramouli, R., (2003). Role-Based Access Control.
Artech House, Boston.
Mahalik, N., Xie, C. Pu, J. and Moore, P. R. (2006) "Virtual distributed control systems: a
components-based design method for mechatronic systems", Assembly Automation, 26
(1), pp.44 – 53
Strembeck, M. (2005). “A Role Engineering Tool for Role-Based Access Control.”
In Proc. Of the 3rd symposium on Requirements Engineering for Information
Security.
