5.5.1 User / Group / Role Management
A central task in privilege management is the management of users, group membership and role membership. Each of these categories can be used for authorization. For example, you can assign a privilege to a single user, to a group or to a role.
Both groups and roles are collections of users. In fact, a role can be considered a special type of group, defined by job duties, whereas a group can categorize users, using any criteria (such as friends of the admins and non friends of the admin). Roles may be implemented on some systems using groups at the operating system level, or they might be implemented apart from the OS concept of groups, using a separate database of role membership information.
With both groups and roles, a single user can belong to more than one group/role. Similarly, a group/role can contain multiple users. Database administrators would call the relationships between users and groups, and users and roles, many to many in database jargon.
Home - Table Of Contents - Contact Us
CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004
Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.