Friday, October 23, 2009

The Method to My Madness Part II - Active Directory Standards & Role-Based Access

Nothing bothers me more than having to assign rights to a resource more than once. In my effort to not be bothered, I have come up with ways to accomplish this for computer rights, file/folder permissions, and SQL Server security. Obviously, rights to a resource still have to be updated over time; what I hate having to do more than once is the act of assigning rights directly on the resource itself. I would rather be able to add someone to a group that is based on a role or job function and be done. I don't want to have to browse out to folders and files and assign permissions. I don't want to have to make someone a Power User by actually changing the rights on the computer. Lastly, I don't want to give someone rights to a database by going to the database server and assigning rights to his/her user object.

In an effort to achieve these goals, I have established some rules for assigning rights to objects, computers, and databases: Restricted Groups for computers, a combination of Domain Local and Global Security Groups for objects, and groups/roles for SQL Server. I will break these up into three separate posts.

1. Restricted Groups
2. Object Rights Assignment
3. SQL Rights Assignment
