Question 2. Consider the following access control scenarios:

(b). The College of Science of a University comprises three Schools: Mathematics, Physics, and Chemistry. The three Schools share a common online library. Each of the three schools has a corresponding library section and each section includes ebooks that can be either new or old editions. The members of the library can be either Senior staff of each School, Junior staff of each School, or externals. Access to the library’s ebooks is determined according to the following rules:

– Senior staff members have access to all ebooks across all three sections.
– Junior staff members have access only to ebooks (new and old editions) of the section that corresponds to their School.
– External members have access only to the old editions across all three sections.

Given the above:

(i). Suppose that we want to deploy Role-based Access Control (RBAC) for implementing the above rules. Determine all the relationships between roles and permissions that will be created (e.g., by writing all the possible pairs between roles and permissions where access is allowed, or by creating a diagram that has the corresponding arrows).

(ii). Suppose that we want to deploy Attribute-based Access Control (ABAC) for implementing the above rules. Specify all the attributes and policy rules that capture the library’s access rules. The labelling of the attributes is completely up to you as long as you explicitly define what they refer to. For instance, you can write that “by Section(b) we denote the attribute that refers to the library section that ebook b belongs to; the possible values for Section(b) are Mathematics, Physics, and Chemistry.”.
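
One way to model both parts of the scenario above, as an added example that is not part of the original question or its solution: it builds the RBAC role-permission pairs, states the ABAC rules as a default-deny function, and checks that the two agree for every member type and ebook type. The role names and the attribute names Rank, School and Edition are assumptions made here; only Section(b) comes from the question. Collapsing the Senior staff of all three Schools into one role is also a modelling choice.

```python
from itertools import product

SECTIONS = ("Mathematics", "Physics", "Chemistry")
EDITIONS = ("New", "Old")
# A permission is "read an ebook of (section, edition)": 3 x 2 = 6 permissions.
PERMISSIONS = tuple(product(SECTIONS, EDITIONS))

def rbac_assignments():
    """Part (i): role -> permissions. Role names are assumed, not from the page."""
    pa = {"Senior": set(PERMISSIONS),
          "External": {(s, "Old") for s in SECTIONS}}
    for school in SECTIONS:  # one Junior role per School
        pa[f"Junior-{school}"] = {(school, e) for e in EDITIONS}
    return pa

def rbac_allows(role, section, edition):
    """Access is granted only if the (role, permission) pair exists."""
    return (section, edition) in rbac_assignments().get(role, set())

def abac_allows(rank, school, section, edition):
    """Part (ii): Rank(u), School(u) describe the user; Section(b), Edition(b) the ebook."""
    if rank == "Senior":
        return True
    if rank == "Junior":
        return school == section
    if rank == "External":
        return edition == "Old"
    return False  # default deny for any unknown rank

def role_of(rank, school):
    """Map a user's attributes to the RBAC role that user would hold."""
    return f"Junior-{school}" if rank == "Junior" else rank

def models_agree():
    """Compare both models over every member type and every ebook type."""
    users = [(r, s) for r in ("Senior", "Junior") for s in SECTIONS]
    users.append(("External", None))
    return all(rbac_allows(role_of(r, s), sec, ed) == abac_allows(r, s, sec, ed)
               for (r, s), (sec, ed) in product(users, PERMISSIONS))

if __name__ == "__main__":
    for role, perms in rbac_assignments().items():
        print(role, sorted(perms))
    print("RBAC and ABAC agree:", models_agree())
```

With this modelling RBAC needs five roles and fifteen role-permission pairs, while ABAC expresses the same policy with four attributes and three rules.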
