WARNING: This site is intended for online use only; mass-downloading of pages degrades the server and is prohibited.
If you attempt to use tools to mass-download the site, you may be blocked permanently by automated software.
If you want to read this CertiGuide offline, please use one of the links on the left to purchase a convenient PDF copy. Thank you.

Get this Security+ CertiGuide for your own computer.
Click Here!
Use coupon code "certiguide" to save 20%!
(Expires 2004/12/31)

Also available: 300-question Security+ practice test!
Get It Here!

Google
Web CertiGuide






Table Of Contents  CertiGuide to Security+
 9  Chapter 5:  Operational/Organizational Security (Domain 5.0; 15%)
      9  5.5  Privilege Management

Previous Topic/Section
5.5  Privilege Management
Previous Page
Pages in Current Topic/Section
1
Next Page
 5.5.2  Single Sign-on
Next Topic/Section

5.5.1  User / Group / Role Management

A central task in privilege management is the management of users, group membership and role membership. Each of these categories can be used for authorization. For example, you can assign a privilege to a single user, to a group or to a role.

Both groups and roles are collections of users. In fact, a role can be considered a special type of group, defined by job duties, whereas a group can categorize users, using any criteria (such as “friends of the admins” and “non friends of the admin”). Roles may be implemented on some systems using groups at the operating system level, or they might be implemented apart from the OS concept of groups, using a separate database of role membership information.

With both groups and roles, a single user can belong to more than one group/role. Similarly, a group/role can contain multiple users. Database administrators would call the relationships between users and groups, and users and roles, “many to many” in database jargon.

Roles Are Job Descriptions

Role-based management is based on job assignments

Some roles an organization might define include “customer service rep”, “accounts payable data entry clerk”, “operations supervisor”, etc.



Previous Topic/Section
5.5  Privilege Management
Previous Page
Pages in Current Topic/Section
1
Next Page
 5.5.2  Single Sign-on
Next Topic/Section

If you find CertiGuide.com useful, please consider making a small Paypal donation to help the site, using one of the buttons below. You can also donate a custom amount using the far right button (not less than $1 please, or PayPal gets most/all of your money!) In lieu of a larger donation, you may wish to consider buying an inexpensive PDF equivalent of the CertiGuide to Security+ from StudyExam4Less.com. (Use coupon code "certiguide" by December 31, 2004 to save 20%!) Thanks for your support!
Donate $2
Donate $5
Donate $10
Donate $20
Donate $30
Donate: $


Home - Table Of Contents - Contact Us

CertiGuide for Security+ (http://www.CertiGuide.com/secplus/) on CertiGuide.com
Version 1.0 - Version Date: November 15, 2004

Adapted with permission from a work created by Tcat Houser et al.
CertiGuide.com Version © Copyright 2004 Charles M. Kozierok. All Rights Reserved.
Not responsible for any loss resulting from the use of this site.