AGDLP

Показать описание

AGDLP
AGDLP an abbreviation of "account, global, domain local, permission" briefly summarizes Microsofts recommendations for implementing role-based access controls RBAC using nested groups in a native-mode Active Directory AD domain: User and computer accounts are members of global groups that represent business roles, which are members of domain local groups that describe resource permissions or user rights assignments AGUDLP for "account, global, universal, domain local, permission" and AGLP for "account, global, local, permission" summarize similar RBAC implementation schemes in Active Directory forests and in Windows NT domains, respectively
Contents
1 Details
11 RBAC in a single AD domain
12 RBAC in AD forests
13 RBAC in non-AD domains
2 Example
3 References
Details
Role based access controls RBAC simplify routine account management operations and facilitate security audits1 System administrators do not assign permissions directly to individual user accounts Instead, individuals acquire access through their roles within an organization, which eliminates the need to editagdlp windows server 12r2, agdlp strategy, agdlp microsoft, agdlp, agdlp example, agdlp vs AGDLP