Product Support
Support for your product in a single location.
Downloads
New releases, updates and patches.
Professional Services
Maximize your investmentFind out how we can help
Executive Blog
Our leaders' commentary on news inthe software industry. Read now
Careers
Where do you want to be?Search jobs
Written by Randy Franklin Smith, President, Monterey Technology Group, Inc
Good access control is really a matter of well-managed groups and managing most entitlements through AD. Of course, the why and how of access control matter, too, and I’ll cover that in this solution brief. But at the end of the day, good access control comes down to avoiding the use of local groups (whether on Windows file servers, in Microsoft SQL Server, in SharePoint, or elsewhere) and instead assigning permissions to Active Directory (AD) groups. In my experience, you can’t hope to really understand, much less control, who has access to what until you can manage the bulk of your entitlements through AD.
In this paper, I’ll explain why AD groups are at the center of the access control and governance universe and then explore what it takes to manage them. I will discuss why and how to implement group ownership and attestation controls. Also, we’ll look at how much group maintenance can be automated through self-service access-request handling and policy-based rule assignments.
