DAV ACLs Lisa Dusseault Microsoft. Agenda Background Scenarios Goals.

Slides:



Advertisements
Similar presentations
When you combine NTFS permissions and share permissions the most restrictive effective permission applies. For example, if you share a folder and assign.
Advertisements

1 Chapter Overview Understanding and Applying NTFS Permissions Assigning NTFS Permissions and Special Permissions Solving Permissions Problems.
1 Chapter Overview Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions.
Chapter 9 Chapter 9: Managing Groups, Folders, Files, and Object Security.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 5: Managing File Access.
6.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
3.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 3: Introducing Active Directory.
Hands-On Microsoft Windows Server 2003 Administration Chapter 5 Administering File Resources.
Administering Active Directory
Hands-On Microsoft Windows Server 2003 Administration Chapter 3 Administering Active Directory.
70-270, MCSE/MCSA Guide to Installing and Managing Microsoft Windows XP Professional and Windows Server 2003 Chapter Nine Managing File System Access.
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW  Create and manage file system shares and work.
Lesson 4: Configuring File and Share Access
5.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 5: Working with File Systems.
7.1 © 2004 Pearson Education, Inc. Exam Managing and Maintaining a Microsoft® Windows® Server 2003 Environment Lesson 7: Introducing Group Accounts.
Lecture 7 Access Control
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 4 “Overview”.
1 Securing Network Resources Understanding NTFS Permissions Assigning NTFS Permissions Assigning Special Permissions Copying and Moving Files and Folders.
Guide to MCSE , Enhanced 1 Activity 9-1: Creating a Group Policy Object Using the MMC Objective: To create a GPO using the Group Policy Object Editor.
Chapter 7 WORKING WITH GROUPS.
11 SHARING FILE SYSTEM RESOURCES Chapter 9. Chapter 9: SHARING FILE SYSTEM RESOURCES2 CHAPTER OVERVIEW Create and manage file system shares and work with.
Chapter 5 File and Printer Services
Access Control Lists and NTFS Permissions INFO333 – Lecture Mariusz Nowostawski Noria Foukia.
9.1 © 2004 Pearson Education, Inc. Exam Planning, Implementing, and Maintaining a Microsoft Windows Server 2003 Active Directory Infrastructure.
Chapter 5 Configuring, Managing, and Troubleshooting Resource Access
70-294: MCSE Guide to Microsoft Windows Server 2003 Active Directory Chapter 9: Active Directory Authentication and Security.
Sharing Resources Lesson 6. Objectives Manage NTFS and share permissions Determine effective permissions Configure Windows printing.
CN1176 Computer Support Kemtis Kunanuraksapong MSIS with Distinction MCT, MCTS, MCDST, MCP, A+
Managing Active Directory Domain Services Objects
Chapter 7: WORKING WITH GROUPS
C HAPTER 6 NTFS PERMISSIONS & SECURITY SETTING. INTRODUCTION NTFS provides performance, security, reliability & advanced features that are not found in.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 5: Managing File Access.
IOS110 Introduction to Operating Systems using Windows Session 8 1.
Module 4 Managing Access to Resources in Active Directory ® Domain Services.
September 18, 2002 Windows 2000 Server Active Directory By Jerry Haggard.
© Wiley Inc All Rights Reserved. MCSE: Windows Server 2003 Active Directory Planning, Implementation, and Maintenance Study Guide, Second Edition.
Introduction to Microsoft Management Console (MMC) MMC is a common console framework for management applications. MMC provides a common environment for.
Chapter 9: SHARING FILE SYSTEM RESOURCES1 CHAPTER OVERVIEW  Create and manage file system shares and work with share permissions.  Use NTFS file system.
PS Security By Deviprasad. Agenda Components of PS Security Security Model User Profiles Roles Permission List. Dynamic Roles Static Roles Building Roles/Rules.
Section 11: Implementing Software Restriction Policies and AppLocker What Is a Software Restriction Policy? Creating a Software Restriction Policy Using.
DAV ACLs Lisa Lippert Microsoft. Agenda Background –drafts, terms, how file systems use ACLs –Other ACLs efforts Scenarios Goals –goals, may-haves, won’t-haves.
CE Operating Systems Lecture 21 Operating Systems Protection with examples from Linux & Windows.
Chapter 10: Rights, User, and Group Administration.
Page 1 NTFS and Share Permissions Lecture 6 Hassan Shuja 10/26/2004.
1 Chapter Overview Managing Object and Container Permissions Locating and Moving Active Directory Objects Delegating Control Troubleshooting Active Directory.
Module 5: Managing Access to Objects in Organizational Units.
MA194Using WindowsNT1 Topics for the day… WindowsNT Security WindowsNT File System (NTFS) Viewing/Setting Document and Folder Permissions Access Control.
CN1260 Client Operating System Kemtis Kunanuraksapong MSIS with Distinction MCT, MCITP, MCTS, MCDST, MCP, A+
1 Introduction to NTFS Permissions Assign NTFS permissions to specify Which users and groups can gain access to folders and files What they can do with.
Module 4: Managing Access to Resources. Overview Overview of Managing Access to Resources Managing Access to Shared Folders Managing Access to Files and.
Managing Data by Using NTFS. Overview Introduction to NTFS Permissions How Windows 2000 Applies NTFS Permissions Using NTFS Permissions Using Special.
Module 4: Managing Access to Resources. Overview Overview of Managing Access to Resources Managing Access to Shared Folders Managing Access to Files and.
Sharing Resources Lesson 6. Objectives Manage NTFS and share permissions Determine effective permissions Configure Windows printing.
11/06/ أساسيات الأتصال و الشبكات Communication & Networks Fundamentals lab 5.
11 SUPPORTING WINDOWS XP FILE AND FOLDER ACCESS Chapter 5.
ITMT Windows 7 Configuration Chapter 6 – Sharing Resource ITMT 1371 – Windows 7 Configuration 1.
Assignment # 8.
Tactic 1: Adopt Least Privilege
Introduction to NTFS Permissions
Lesson 4: Configuring File and Share Access
Module 4: Managing Access to Resources
Module 7: Managing Access to Objects in Organizational Units
Azure Identity Premier Fast Start
Managing Data by Using NTFS
Managing Data by Using NTFS
Chapter 9: Managing Groups, Folders, Files, and Object Security
Introducing NTFS Reliability Security Long file names Efficiency
Access Control What’s New?
Presentation transcript:

DAV ACLs Lisa Dusseault Microsoft

Agenda Background Scenarios Goals

Background draft-ietf-webdav-acreq-01.txt draft-ietf-webdav-acl-00.txt Terms –ACL –ACE –Principal

File System ACLs Resource x principal x right --> yes/no Each resource (file or directory) has its own list Each list has entries for various principals and rights “All Users” principal Groups as well as individual users

File System ACLs Common rights: read, write, execute Other rights: list members, read ACLs, write ACLs, synchronize Directories may be treated differently than files Access rights may be denied as well as granted

File System ACLs Ownership Inheritance Rules for avoiding conflict

Scenarios Different authors on different resources within one collection Deny access to a member of a group Delegation without relinquishing control Disallow from seeing the presence of a resource in a collection?? Roles: Authors, editors, maintainers, managers, contributors...

Goals Allow access controls to be read and set Support most frequently used rights –read, write, delete, add child, list children, delete children, read ACL, write ACL Support grant, deny Access controls must apply to resources and should apply to properties

Goals Continued Flexible principal specification –userid & domain, group & domain, all, all authorized Ability to add and remove access settings without resetting entire list

Inheritance goals Static inheritance Dynamic inheritance Top-down vs. leaf-only inheritance (“walk the path”) What to do if leaf has empty acls

Extensibility and Discovery Add new types of rights to resources or types of resources Ability to discover new rights

Security Goals Allow administrators to block/log access control requests Allow resource/collection managers to grant and deny access to read and write access settings

Security: Ownership “Owner” is the principal to whom permissions cannot be effectively denied Useful to have “set owner” as well as “set ACLs” right (solves delegation scenario) Must be supported

Security: Encryption Encryption could greatly reduce chance of snooping Snooping is particularly dangerous when account names are sent across the wire Recommend but not require that implementations support encryption Allow implementations to refuse non- encrypted requests

Security: Certificates Could have certificates issuable which mean “I have permission to write to this resource” even though certificate holder is not known Would access certificates override the access list? Should we support this use of certificates? DAV ACL design will be functional without certificate-based delegation.

Predictability Goal Ability for clients to predict access levels Completeness include all administrators that could delete the file? Evaluation must be unambiguously defined Behaviour must be entirely consistent or discoverable

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.