Final answer:
A rough policy outline for determining administrative rights on a computer system with role-based access control includes identifying workstations, defining roles, establishing criteria, creating a request process, and conducting regular reviews.
Step-by-step explanation:
A rough outline of a policy to determine who should be allowed to have administrative rights on a computer system with role-based access control could include the following:
- Identify the specific workstations or systems that require administrative rights.
- Define the roles or employee types that should have administrative access based on their job responsibilities and the need for system administration.
- Establish clear criteria for granting administrative rights, such as relevant training or certifications, job position, and level of trust.
- Create a formal request and approval process for granting or revoking administrative rights.
- Regularly review and audit the administrative rights to ensure they are still necessary and appropriate.
These tenets are important to ensure that the right individuals have the necessary access to perform their administrative duties while minimizing the risk of unauthorized access or misuse of administrative privileges.