2.1.1 System Capabilities

The Authorization protocols enable applications to make access control decisions. In Windows, the authorization system supports the following authorization models:

  • DAC and CBAC models

  • AzMan RBAC model

  • COM+ roles access control model

The following table illustrates the features of the DAC model that are implemented in Windows resource managers.

| Authorization feature | Active Directory objects | NTFS file system objects | Registry objects | Printer objects |
|---|---|---|---|---|
| Inheritance (see [MS-DTYP] section 2.5.3.4) | Yes | Yes | Yes | Yes |
| Object-specific access (see [MS-ADTS] section 5.1.3.3.3) | Yes | No | No | No |
| Control access rights (see [MS-ADTS] section 5.1.3.2.1) | Yes | No | No | No |
| Validated write rights (see [MS-ADTS] section 5.1.3.2.2) | Yes | No | No | No |
| Object visibility | Yes | No | No | No |
| Conditional expression ACEs | No | Yes | No | No |
| Claims (CBAC) | No | Yes | No | No |