Resource Access - Sid vs Sid History vs group membership vs all

Hello,

This sounds very basic question. Excuse me for my little knowledge.

However, I still need to fully understand how access is granted on resource (source domain / target domain) to any user (migrated with or without Sid History / newly created in target domain). Is access granted on resource to user on the basis of group membership or Sid or Sid History or all required? Let me explain what I mean

For example, if I migrate groups from source to target domain using Sid History. All resources are in the source domain. Source groups are applied on resource ACL in source domain. If I add a non-migrated user (newly created in the target domain) into a migrated group in the target domain then

Q1: Should the non-migrated user be able to access resource (based on permissions granted to source group) in the source domain just via Sid History (without any group membership) because user token will have the Sid of source group in Sid History attribute of migrated group? OR do I also need to add non-migrated user in source group either via direct membership or adding migrated group nested into source group?

Q2: Should the migrated user be able to access resource in source domain just via Sid History OR group membership is also required?

I'm confused. Kindly explain.

Parents Reply Children
No Data