2.1.1 System Capabilities
The Authorization protocols enable the applications to make access control decisions. In Windows, the authorization system has the capability to support the following authorization models:
DAC and CBAC models
AzMan RBAC model
COM+ roles access control model
The following table illustrates the features of the DAC model that are implemented in Windows resource managers.
|
Authorization feature |
Active Directory objects |
NTFS file system objects |
Registry objects |
Printer objects |
|---|---|---|---|---|
|
Inheritance |
Yes |
Yes |
Yes |
Yes |
|
Object-specific access |
Yes |
No |
No |
No |
|
Control access rights (see [MS-ADTS] section 5.1.3.2.1) |
Yes |
No |
No |
No |
|
Validated write rights (see [MS-ADTS] section 5.1.3.2.2) |
Yes |
No |
No |
No |
|
Object visibility |
Yes |
No |
No |
No |
|
Conditional expression ACEs |
No |
Yes |
No |
No |
|
Claims (CBAC) |
No |
Yes |
No |
No |