Q7: Let us assume you need to implement RBAC for a Bank and consider the following statements as part of business requirements.

• The bank will have a teller who can (i) withdraw cash, (ii) deposit check from a customers bank account
• There will be bank manager who can (i) issue new account (ii) withhold an existing account (iii) close an account of a customer.
• A manager can assume the role of a teller and vice versa
• The bank has three employees {Alice, Bob, Charlie}, and Alice being a network admin should never assume the role of either teller or manager.
• An admin cannot alter customer information without managers approval, but can view information anytime.

a) Identify (i) set of roles, (ii) duties, (iii) subjects. [10]

Roles: { }

Duties: { }

Subject: { }

b) Show a mapping of each subject and their possible valid roles that can be assumed: [5]

Alice: { .}

Bob: { }

Charlie: { .}

c) Show a mapping of each role and corresponding valid duties that can be performed: [5]

Teller: { }

Manager: { }

Admin: { }