Chapter 6. SharePoint security
Let’s begin with a basic question: what is a security principal? In a common scenario in a Windows network environment, a security principal can be a user with an account in Active Directory. But the concept of a security principal goes far beyond that. A security principal can also be a user with an account in some other type of identity management system such as Microsoft ASP.NET forms-based authentication (FBA), Microsoft Account, or Facebook.
There are also common scenarios in which a security principal will not have a one-to-one mapping to a human being. For example, an Active Directory security group is a type of security principal, as is an FBA role. A computer becomes a first-class security principal when ...