Let's say you are a small business owner that provides business-to-business software-as-a-service to non-profit organizations. Your product allows non-profits to create, manage, and market products to potential donors. Your application contains several different modules, two of which are: (i) a gift shop point of sale (POS) module that enables non-profits to effectively create pop-up t-shirt shops and manage their sales, and (ii) a marketing module that allows non-profits to create and distribute newsletters to their donors. Can you explain role-based access control (RBAC) with this example or any other example as an illustration?
Solution
Without role-based access control (RBAC), every non-profit employee and volunteer will have access to all features of the application. That is not ideal, particularly since one of them is an animal rescue that has a variety of volunteers with knowledge of only the area in which they volunteer.
Alternatively, we can implement RBAC and create some permissions that users in the gift shop POS (point of sale) module would require:
To make this easier to manage, we need to create a role called “Gift Shop Manager” and add the following permissions to the role
In the same way, we need to create permissions for users in the marketing module, which include
We need to create a role called “Newsletter Admin” and add those permissions to it as well
Now, when your animal rescue brings in their volunteer, Astrid, to run their pop-up t-shirt shop, Astrid is assigned to the role of “Gift Shop Manager”.
When we assign the role to Astrid, she is granted all the permissions that you assigned to the role.
Astrid knows nothing about publishing newsletters.
We never assigned her the “Newsletter Admin” role, therefore she never has access to the marketing module.
By using RBAC we can avoid building and maintaining separate authorisation systems. Instead, we can use the token we have already received during authorisation, and we can easily remove the “Gift Shop Manager” role from her and assign a new role.
If maintaining roles and permissions for all of the customers becomes too unwieldy, we can use RBAC to create a module within our product which allows customers to manage their own RBAC, thereby reducing liability and cutting staffing costs.
---
all the best
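
The role and permission model from the answer above, as an added example that is not part of the original answer. The permission names and the per-non-profit (tenant) scoping are assumptions, since the page does not list the permissions.

```python
from dataclasses import dataclass, field

# Role -> permissions. Permission names are hypothetical; the page does not list them.
ROLES = {
    "Gift Shop Manager": {"pos:read_items", "pos:create_items", "pos:process_sales"},
    "Newsletter Admin": {"marketing:read_newsletters", "marketing:publish_newsletters"},
}


@dataclass
class RBAC:
    # (tenant, user) -> role names. Scoping roles per non-profit is an assumption
    # made here so a role held at one customer grants nothing at another.
    assignments: dict = field(default_factory=dict)

    def assign(self, tenant, user, role):
        if role not in ROLES:
            raise ValueError(f"unknown role: {role}")
        self.assignments.setdefault((tenant, user), set()).add(role)

    def revoke(self, tenant, user, role):
        self.assignments.get((tenant, user), set()).discard(role)

    def permissions(self, tenant, user):
        # Effective permissions are the union over all roles the user holds.
        roles = self.assignments.get((tenant, user), set())
        return set().union(*(ROLES[r] for r in roles))

    def is_allowed(self, tenant, user, permission):
        # Deny by default: no role, unknown user or unknown tenant means no access.
        return permission in self.permissions(tenant, user)


if __name__ == "__main__":
    rbac = RBAC()
    rbac.assign("animal-rescue", "astrid", "Gift Shop Manager")
    for perm in ("pos:process_sales", "marketing:publish_newsletters"):
        print(perm, rbac.is_allowed("animal-rescue", "astrid", perm))
    # Moving Astrid to another job is a role change, not a permission rewrite.
    rbac.revoke("animal-rescue", "astrid", "Gift Shop Manager")
    rbac.assign("animal-rescue", "astrid", "Newsletter Admin")
    print(sorted(rbac.permissions("animal-rescue", "astrid")))
```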