Appendix A: Dynamic Access Control Glossary

Applies To: Windows Server 2016, Windows Server 2012 R2, Windows Server 2012

The following is the list of terms and definitions that are included in the Dynamic Access Control scenario.

| Term | Definition |
| --- | --- |
| Automatic classification | Classification that occurs based on classification properties that are determined by classification rules configured by an administrator. |
| CAPID | Central access policy ID. This ID references a specific central access policy, and it is used to reference the policy from the security descriptor of files and folders. |
| Central access rule | A rule that includes a condition and an access expression. |
| Central access policy | Policies that are authored and hosted in Active Directory. |
| Claims-based access control | A paradigm that utilizes claims to make access control decisions to resources. |
| Classification | The process of determining the classification properties of resources and assigning these properties to the metadata that is associated with the resources. See also Automatic classification, Inherited classification, and Manual classification. |
| Device claim | A claim that is associated with the system. Together with user claims, it is included in the token of a user attempting to access a resource. |
| Discretionary access control list (DACL) | An access control list that identifies trustees who are allowed or denied access to a securable resource. It can be modified at the discretion of the resource owner. |
| Resource property | Properties (such as labels) that describe a file and are assigned to files by using automatic classification or manual classification. Examples include: Sensitivity, Project, and Retention period. |
| File Server Resource Manager | A feature in the Windows Server operating system that offers management of folder quotas, file screening, storage reports, file classification, and file management jobs on a file server. |
| Folder properties and labels | Properties and labels that describe a folder and are assigned manually by administrators and folder owners. These properties assign default property values to the files within these folders, for example, Secrecy or Department. |
| Group Policy | A set of rules and policies that controls the working environment of users and computers in an Active Directory environment. |
| Near real-time classification | Automatic classification that is performed shortly after a file is created or modified. |
| Near real-time file management tasks | File management tasks that are performed shortly after a file is created or modified. These tasks are triggered by near real-time classification. |
| Organizational Unit (OU) | An Active Directory container that represents hierarchical, logical structures within an organization. It is the smallest scope to which Group Policy settings are applied. |
| Secure property | A classification property that the authorization runtime can trust to be a valid assertion about the resource at a certain point in time. In claims-based access control, a secure property that is assigned to a resource is treated as a resource claim. |
| Security descriptor | A data structure that contains security information associated with a securable resource, such as access control lists. |
| Security descriptor definition language | A specification that describes the information in a security descriptor as a text string. |
| Staging policy | A central access policy that is not yet in effect. |
| System access control list (SACL) | An access control list that specifies the types of access attempts by particular trustees for which audit records need to be generated. |
| User claim | Attributes of a user that are provided within the user security token. Examples include: Department, Company, Project, and Security clearance. Information in the user token from systems prior to Windows Server 2012, such as the security groups that the user is part of, can also be considered user claims. Some user claims are provided through Active Directory and others are calculated dynamically, such as whether the user logged in with a smart card. |
| User token | A data object that identifies a user and the user claims and device claims that are associated with that user. It is used to authorize the user's access to resources. |

See Also

Dynamic Access Control: Scenario Overview