Let us assume you need to implement RBAC for a Bank and consider the following statements as part of business requirements. - The bank will have a teller who can (i) withdraw cash, (ii) deposit check from a customers bank account - There will be bank manager who can (i) issue new account (ii) withhold an existing account (iii) close an account of a customer. - A manager can assume the role of a teller and vice versa - The bank has three employees {Alice, Bob, Charlie}, and Alice being a network admin should never assume the role of either teller or manager. - An admin cannot alter customer information without managers approval, but can view information anytime.

a) Identify (i) set of roles, (ii) duties, (iii) subjects.

Roles: { }

Duties: { }

Subject: { }

b) Show a mapping of each subject and their possible valid roles that can be assumed:

Alice: { .}

Bob: { }

Charlie: { .}

c) Show a mapping of each role and corresponding valid duties that can be performed:

Teller: { }

Manager: { }

Admin: { }