Kathleen is implementing an access control system for her organisation and builds the following array: Reviewers: update files, delete files Submitters: upload files Editors: upload files, update files Archivists: delete files
Paul works for a data centre hosting facility that provides physical data center space for individuals and organisations. Until recently, each client was given a magnetic-strip-based keycard to access the section of the facility where their servers are located, and they were also given a key to access the cage or rack where their servers reside. In the past month, several servers have been stolen, but the logs for the pass cards show only valid IDs.
What is Kathleen’s best option to make sure that the users of the pass cards are who they are supposed to be?
Jack’s organisation is a government agency that handles very sensitive information. They need to implement an access control system that allows administrators to set access rights but does not allow the delegation of those rights to other users. What is the best type of access control design for Jack’s organisation?