Skip to content

Access Control Model¶

Principle¶

Access is granted through groups, not direct user permissions.

File access model¶

flowchart LR
    User --> DepartmentGroup[Global Group]
    DepartmentGroup --> ResourceGroup[Domain Local Group]
    ResourceGroup --> Share[Folder ACL]

Administrative access model¶

Use role-based groups.
Delegate specific OU tasks.
Avoid permanent high-privilege access where possible.
Review privileged group membership regularly.

Initial privileged groups to monitor¶

Domain Admins
Enterprise Admins
Schema Admins
Administrators
Account Operators
Server Operators
Backup Operators