MIS300 Module 3-CRUD-Defining Information Ownership Assingment - Final PDF

Preview

Summary

Download MIS300 Module 3-CRUD-Defining Information Ownership Assingment - Final PDF

Description

Running head: CRUD – INFORMATION OWNERSHIP

CRUD – Information Ownership XXX MIS300 – Information Systems Design and Management Colorado State University – Global Campus Instructor: Kadri Brogi January 28, 2017

1

CRUD – INFORMATION OWNERSHIP

2

CRUD - Information Ownership Information Ownership establishes accountability and responsibilities for the individuals/departments to ensure the confidentiality, availability, and accuracy of information in the database management system (DBMS). Clearly defined roles and privileges within the DBMS and its subsystems allow for users to create, read, update and/or delete (CRUD) information within the system. The CRUD model is an excellent for an organization to ensure that each employee has the appropriate access to information, but does not have excessively powerful access rights (Lunsford & Collins, 2008, para. 2). CRUD Matrix – Student Information While reviewing school information model, it is evident that there are several groups with different levels of system rights, who have access to information student’s personal and transcript information. Following CRUD matrix table shows users/groups and their level of access rights.

As you can see, database administration assigns access rights and information ownership to users/groups with specific objectives relating to their job functions. There are redundancies in user/groups roles/rights that exist for the reasons of ensuring integrity and cleanliness of information, but more importantly for availability, and accuracy of student’s information. In most cases, individuals and/or groups have the ability to either create, read or update student

CRUD – INFORMATION OWNERSHIP

3

information but not to delete student records, which would normally be owned by very few users in the DBMS to prevent unintended or deliberated act of such magnitude. Student’s Information Ownership and Relationships Admissions/registrar’s office have read access to all information, and ability to create, and update most of the information without needing support from database administrator. This level of system access and privileges are critical for admissions/registrar’s group, as they are the first point of contact when students are enrolled. This group has information ownership responsibility of creating accurate student record in the system; including transfer of transcripts from another school (if applicable), and assigning student ID number, which is considered primary key for student records in the database. This allows for administrator, student or school officials to easily trace any errors in student information back to the source, and resolve any issues in an efficient manner. Once student is in the system, their information is passed along to an academic advisor, who becomes their main point of contact for rest of their educational journey at the institution. With responsibilities such as, helping student develop an academic plan to assisting them with identifying major/minor and providing guidance, allows them read and update privileges to all the information in student’s file with an exception of student ID number (primary key, read only). In addition, being that advisors are in charge of assisting students with picking their major/minor, they are given ownership rights to create and update this field within the database. With having an academic plan in place, student register for course(s) in their respective field of interest; at which point student information is transferred to member of faculty staff or department. This user group has the ability to read all the information in student file along with information ownership of student’s grade point average (GPA) by creating and updating course

CRUD – INFORMATION OWNERSHIP

4

grade in the database. Office of admissions/registrars, advisor and head of faculty department have the rights to update grades and GPA in case if professor or instructor is no longer there to perform this function. Lastly, students have the ability to access online portal which allows read access to their personal and school information. Students have user privileges to update their contact information (address and telephone number) as well as update/register for courses, however they do not have access to changing their major or minor focus on their own. To make this change student would have to contact their advisor. Conclusion Student information is accessible by several users/groups with clearly defined system access rights and information ownership listed in the CRUD matrix. This allows school officials and database administrator to establish accountability and responsibilities for the individuals/departments to ensure the confidentiality, availability, and accuracy of information in the database. Also, this model makes it easier for all parties involved to determine root cause of any issues, and allows for students and school to achieve informational objectives in clear, concise and efficient manner.

References

CRUD – INFORMATION OWNERSHIP Lunsford, D., & Collins, M. (2008). The CRUD security matrix: A technique for documenting access rights. Retrieved from http://ocean.otr.usm.edu/~w300778/is-doctor/pubpdf/sc2008.pdf Lunsford, D., & Collins, M. (2008). The CRUD security matrix: A technique for documenting access rights [Table]. Retrieved from http://ocean.otr.usm.edu/~w300778/is-doctor/pubpdf/sc2008.pdf

5...