Identification, Authentication, and Authorization Techniques

The scenario for this assignment is based on the Acme Distribution Center, a fictitious company. You need to play the role of Sam, the system administrator. Acme is responsible for completing a huge target of 180,000 orders. It holds the reputation of having an extremely low error rate for the central distribution per the industry standards. Therefore, Acme is viewed as a model of efficiency. Another good thing about Acme is that it operates 24X7 and even on holidays!

At the Acme Distribution Center, your colleagues are the following employees:

Robert, the lead warehouse receiver
Jennifer, sales and accounts payable
Bradley, the warehouse general manager
LuEllen, the shipper
Buster, the shipper
Lloyd, the purchasing agent
Spare, for temporary help

Jennifer works in the Sales Department by day and part-time as the evening accounts payable clerk with credit memo privileges to correct customer orders. Jennifer is a valuable asset for the organization. Since she joined the accounts payable department, the late payment rate has dropped by 20% while the warehouse-shipping rate increased by 10%, and the overall profit has increased by a modest amount of 0.005% for the first reporting period.

Your General Manager, Bradley, is concerned that high-value inventory is moving through the system, but the profits are, at best, meager for high-margin items. Bradley discussed the issue of inventory volume with Lloyd to see if he knew of any reason for the miserable performance, since so many high-value items were being ordered and shipped.

Your goal is to ensure that the users have only those access permissions that they need to perform their jobs effectively. A bit of research reveals that the warehouse has many goods to ship. You have developed the following matrix and scheme to identify conflicts in duties to address with the management. This will help Acme during the pending audit and reduce asset risk.

Using the following legend, provide the users with the appropriate rights and permissions:

A = Assigned to the user
F = Needed for primary function
T = Temporary
N = Never
BP = By Position Assigned
RO = Read Only

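Segregation of Duties Matrix

(System User–Rights and Permissions)

| Department | Jennifer | Buster | Bradley | Lloyd | LuEllen | Robert | Spare | Sam |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Receiving | A | A | A | A | A | A | A | A |
| Shipping | A | A | A | A | A | A | A | A |
| Sales | A | A | A | A | A | A | A | A |
| Accounts Payable | A | A | A | A | A | A | A | A |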
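
An added example (not part of the original assignment) that checks a matrix like the one above for users who hold incompatible duties. The incompatibility rules and the choice to treat RO and N as non-conflicting are assumptions made for illustration, not the assignment's answer key.

```python
from itertools import combinations

USERS = ["Jennifer", "Buster", "Bradley", "Lloyd", "LuEllen", "Robert", "Spare", "Sam"]
DEPARTMENTS = ["Receiving", "Shipping", "Sales", "Accounts Payable"]

# Legend codes from the page that grant write-capable access. Treating RO and N
# as non-conflicting is an assumption of this example.
WRITE_CODES = {"A", "F", "T", "BP"}

# Assumed, illustrative incompatibility rules (not the assignment's answer key).
INCOMPATIBLE = {
    frozenset({"Sales", "Accounts Payable"}),
    frozenset({"Receiving", "Shipping"}),
    frozenset({"Receiving", "Accounts Payable"}),
}

def starting_matrix():
    """The matrix as given on the page: every user is 'A' in every department."""
    return {u: {d: "A" for d in DEPARTMENTS} for u in USERS}

def find_conflicts(matrix, rules=INCOMPATIBLE):
    """Return {user: [(dept1, dept2), ...]} for each incompatible pair held."""
    findings = {}
    for user, row in matrix.items():
        held = [d for d in DEPARTMENTS if row.get(d, "N") in WRITE_CODES]
        pairs = [p for p in combinations(held, 2) if frozenset(p) in rules]
        if pairs:
            findings[user] = pairs
    return findings

def unknown_codes(matrix):
    """Flag entries outside the legend so a typo cannot silently hide access."""
    legend = WRITE_CODES | {"N", "RO"}
    return [(u, d, c) for u, row in matrix.items()
            for d, c in row.items() if c not in legend]

if __name__ == "__main__":
    m = starting_matrix()
    for user, pairs in find_conflicts(m).items():
        print(user, "->", pairs)
    # Constructed change, for demonstration only: downgrade one cell to read-only.
    m["Jennifer"]["Accounts Payable"] = "RO"
    print("Jennifer after change:", find_conflicts(m).get("Jennifer", []))
```

Running the check after every change to the matrix shows which assignments still need a management decision before the audit.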

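Segregation of Duties Matrix

(System User–Rights and Permissions)

| Department | Jennifer | Buster | Bradley | Lloyd | LuEllen | Robert | Spare | Sam |
| --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Receiving | | | | | | | | |
| Shipping | | | | | | | | |
| Sales | | | | | | | | |
| Accounts Payable | | | | | | | | |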

After assigning the correct roles and access privileges to the users given in the scenario, answer the following questions:

What were the incompatible functions in Jennifer’s access account, and why do you think such an incompatibility existed?
What were the potential conflicts and incompatible functions in Lloyd’s access account authorizations?
What are the requirements for Buster and LuEllen?
