SkillSetz Appendix H – Access Control Matrix

This appendix documents the Role-Based Access Control used at SkillSetz. The access control is described in 4 sections:

  • Systems and Privileges Available: This table lists the systems and the access levels each of them provides.
  • Roles and Privileges: This table lists the roles and the privileges each role holds on the different systems. Roles are based on job classification; privileges are based on job function.
  • Roles and Constraints: This section lists the constraints placed on the model to guarantee proper separation of duties.
  • User and Role Assignments: This table lists the users and groups together with their assigned roles. It is the primary input for access audits.

 

H.1  Systems and Privileges Available  

Systems/Objects            | Privileges Available
---------------------------+---------------------
Database                   | Server Admin
Web Server & Application   | Server Admin
Firewall Configuration     | Server Admin
Magento                    | Admin Access

 

H.2  Roles and Privileges  

Role                 | System Access              | Granted Privileges
---------------------+----------------------------+-------------------
Basic User           | SkillSetz Admin Panel      | Admin Access
Manager              | SkillSetz Admin Panel      | Admin Access
Developer            | No access                  | No access
DevOps Team Member   | Database                   | Server Admin
                     | Web Server & Application   | Server Admin
                     | Security Devices           | Device Admin
                     | Log Aggregation System     | Server Admin
                     | Testing Environment        | Admin Access
Key Custodian        | All                        | All

 

H.3  Roles and Constraints  

  • The roles “Developer” and “DevOps Team Member” must be mutually exclusive, so that no single principal can hold both; this guarantees that developers cannot reach the production environment without authorization.
  • There must be at least 2 principals holding the “Key Custodian” role, which carries full root access to every system.

 

H.4  User and Role Assignments

Users/Groups           | Roles
-----------------------+---------------------
Client                 | Basic User
Managers Group         | Basic User; Manager
Development Group      | Developer
DevOps Team            | DevOps Team Member
Serhii Shnurenko       | Key Custodian
Vladislav Sokhatskiy   | Key Custodian
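The two constraints in H.3 are static separation-of-duties rules, and they are only useful if someone actually checks the assignment table against them. The following is an added example (not part of the SkillSetz policy or its tooling) that transcribes tables H.2 and H.4 into data, resolves each principal's effective privileges, and reports any violation of the H.3 constraints. The data structures, function names and the "*" marker for the Key Custodian's "All" entry are this example's own conventions; the headcount check counts principals as they appear in H.4, so a group counts as one holder.

```python
"""Auditor for the SkillSetz access control matrix (added example).

Loads the role/privilege table (H.2) and the assignment table (H.4),
derives effective access per principal and checks the H.3 constraints.
"""

from collections import Counter

# Role -> {system: privilege}, transcribed from table H.2.
# "*" is this example's marker for the Key Custodian's "All" systems entry.
ROLE_PRIVILEGES = {
    "Basic User": {"SkillSetz Admin Panel": "Admin Access"},
    "Manager": {"SkillSetz Admin Panel": "Admin Access"},
    "Developer": {},  # "No access" in the table
    "DevOps Team Member": {
        "Database": "Server Admin",
        "Web Server & Application": "Server Admin",
        "Security Devices": "Device Admin",
        "Log Aggregation System": "Server Admin",
        "Testing Environment": "Admin Access",
    },
    "Key Custodian": {"*": "All"},
}

# Principal (user or group) -> set of roles, transcribed from table H.4.
ASSIGNMENTS = {
    "Client": {"Basic User"},
    "Managers Group": {"Basic User", "Manager"},
    "Development Group": {"Developer"},
    "DevOps Team": {"DevOps Team Member"},
    "Serhii Shnurenko": {"Key Custodian"},
    "Vladislav Sokhatskiy": {"Key Custodian"},
}

# Constraints from H.3: a mutually exclusive role pair and a minimum headcount.
MUTUALLY_EXCLUSIVE = [frozenset({"Developer", "DevOps Team Member"})]
MIN_HOLDERS = {"Key Custodian": 2}


def effective_privileges(roles):
    """Union of the privileges granted by a set of roles.

    Two roles granting different privileges on the same system is reported
    as an error instead of one silently overwriting the other.
    """
    granted = {}
    for role in roles:
        if role not in ROLE_PRIVILEGES:
            raise KeyError(f"unknown role: {role}")
        for system, privilege in ROLE_PRIVILEGES[role].items():
            if system in granted and granted[system] != privilege:
                raise ValueError(
                    f"conflicting privilege on {system}: {granted[system]} vs {privilege}"
                )
            granted[system] = privilege
    return granted


def check_constraints(assignments):
    """Return a list of violation messages; an empty list means compliant."""
    violations = []
    # Static separation of duties: no principal may hold both roles of a pair.
    for principal, roles in assignments.items():
        for pair in MUTUALLY_EXCLUSIVE:
            if pair <= roles:
                violations.append(
                    f"{principal} holds mutually exclusive roles {sorted(pair)}"
                )
    # Minimum headcount per role (Counter returns 0 for roles nobody holds).
    holders = Counter(role for roles in assignments.values() for role in roles)
    for role, minimum in MIN_HOLDERS.items():
        if holders[role] < minimum:
            violations.append(
                f"{role} has {holders[role]} holder(s), at least {minimum} required"
            )
    return violations


def audit_report(assignments):
    """Effective access per principal plus any constraint violations."""
    return {
        "access": {p: effective_privileges(r) for p, r in assignments.items()},
        "violations": check_constraints(assignments),
    }


if __name__ == "__main__":
    report = audit_report(ASSIGNMENTS)
    for principal, access in report["access"].items():
        print(f"{principal}: {access or 'no access'}")
    print("violations:", report["violations"] or "none")
```

Run it as part of each access review: the current H.4 table passes both checks, and adding "DevOps Team Member" to the Development Group, or removing one of the two Key Custodians, produces a violation line naming the offending principal or role.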

Important notice: this form and all its associated details must be accessible only by personnel authorized by the DevOps Team.