Active Directory, Second Edition

by Robbie Allen, Alistair G. Lowe-Norris
April 2003
Intermediate to advanced
688 pages
22h 8m
English
O'Reilly Media, Inc.
Content preview from Active Directory, Second Edition

Designing Permission Schemes

Having worked through many designs for different domain structures, we have come up with a series of rules or guidelines you can follow to structure the design process effectively. The idea is that if you design your permissions schemes using these rules, you will be more likely to create a design with global scope and minimum effort.

The Five Golden Rules of Permissions Design

This list is not exhaustive. We are sure you will be able to think of others beyond these. If, however, these rules spark your creative juices and help you design more effectively, they will have done their job.

The rules are:

  1. Whenever possible, assign object permissions to groups of users rather than individual users.

  2. Design group permissions so that you have a minimum of duplication.

  3. Manage permissions globally from the ACL window.

  4. Allow inheritance: do not orphan sections of the tree.

  5. Keep a log of every unusual change that you have made to the tree, especially when you have orphaned sections of it or applied special rights to certain users.

Let’s look at these rules in more detail.

Rule 1—Apply permissions to groups whenever possible

By default, you should use groups to manage your user permissions. At its simplest, this rule makes sense whenever you have more than one user for whom you wish to set certain permissions.
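One way to check an existing directory against Rule 1 and Rule 4 is sketched below. It is an added example, not code from the book; it assumes the RSAT ActiveDirectory PowerShell module and read access to the domain, and the function name `Get-PermissionRuleFinding` and its `SearchBase` parameter are hypothetical.

```powershell
# Added example: audit OUs for ACEs granted directly to user accounts (Rule 1)
# and for OUs that no longer inherit permissions from their parent (Rule 4).
Import-Module ActiveDirectory   # also provides the AD: drive used by Get-Acl

function Get-PermissionRuleFinding {
    param(
        # Hypothetical parameter: DN of the subtree to audit (default: whole domain).
        [string]$SearchBase = (Get-ADDomain).DistinguishedName
    )
    $classCache = @{}   # SID string -> objectClass, so each trustee is looked up once

    foreach ($ou in Get-ADOrganizationalUnit -Filter * -SearchBase $SearchBase) {
        $acl = Get-Acl -Path "AD:\$($ou.DistinguishedName)"

        # Rule 4: a protected ACL means inheritance from the parent is blocked.
        if ($acl.AreAccessRulesProtected) {
            [pscustomobject]@{
                Rule = 4; OU = $ou.DistinguishedName; Trustee = $null
                Rights = $null; Finding = 'Inheritance blocked on this OU'
            }
        }

        # Rule 1: examine only ACEs set explicitly on this OU.
        foreach ($ace in $acl.Access | Where-Object { -not $_.IsInherited }) {
            try {
                $sid = $ace.IdentityReference.Translate(
                    [System.Security.Principal.SecurityIdentifier]).Value
            } catch { continue }   # trustee cannot be resolved; skip it

            if (-not $classCache.ContainsKey($sid)) {
                $classCache[$sid] = $null   # well-known SIDs have no domain object
                $obj = Get-ADObject -Filter "objectSid -eq '$sid'"
                if ($obj) { $classCache[$sid] = $obj.ObjectClass }
            }
            if ($classCache[$sid] -eq 'user') {
                [pscustomobject]@{
                    Rule = 1; OU = $ou.DistinguishedName
                    Trustee = $ace.IdentityReference.Value
                    Rights = "$($ace.AccessControlType): $($ace.ActiveDirectoryRights)"
                    Finding = 'Permission assigned to an individual user'
                }
            }
        }
    }
}

Get-PermissionRuleFinding | Sort-Object Rule, OU | Format-Table -AutoSize
```

Each row is a candidate entry for the log of unusual changes that Rule 5 asks for; an empty result means no OU in scope deviates from Rules 1 and 4.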

ISBN: 0596004664