With an AD rights management model you wil reduce the administrative burden and increase the security level, also. With role-based rights management models, you realize comprehensible and transparent authorization and authentication operations.
Functional roles in the company are mapped in Windows groups. With the role-based delegation of permissions you define:
• setting of administrative tasks
• limitation of execution rights
• limited ranges in the Active Directory directory service and in the IT peripherals
• the figures of administrative functions in IT applications
Thus, the permits are controlled. This is an important part of IT-security. The function role model continues to be the basis for identity management platforms and the integration of ITIL.
The decentralized distribution of IT administration groups and functional roles brings together the common administrative tasks in the it.
Prerequisites for a successful delegation of rights are:
• the mapping of the company organization chart in AD organizational units (OU)
• the definition of management roles within the work processes
• the figuring of the function roles in Windows groups
A significant gain in security is based on the minimal rights within the entire AD infrastructure in all executive areas through limited Windows group memberships (least amount of privilege) and customized group policy applications.