Most restrictive local permission that allows shutting down COM+ components

We have an application that uses a user-created account that needs to be able to shut down COM+ components but be more restricted than a power user. Is there already such a security group, or where in the security settings would allow for control of COM+ components?

Thanks for your time
Asked by: bmcdowell540

NJComputerNetworks commented:

Setting COM+ Security
Security roles model and enforce an access control policy for a COM+ application. Roles are categories of users that have been defined for the application for the purpose of determining access permissions to the application's resources. The developer assigns the roles (as symbolic user categories) to the application and potentially to finer structures within it — including components, interfaces, methods, or private application resources. These role assignments are then used to determine which user categories have permission to access which elements within the application.

When an application uses role-based security, a caller's role membership is checked on every call into the application. If a caller does not belong to a role having permission to access the item being called, the call will fail. Callers are granted access to the application, or its resources, strictly according to the constraints defined within the roles to which they belong.

The system administrator's job is to populate the roles defined for the application with Windows 2000 user accounts and groups. This is a crucial stage in carrying out the application's security policy. Users must be assigned to the roles that correctly represent their relationship to the data and resources they might access through the application.

The preferred way to populate roles with users is to use Windows 2000 groups. First, you assign a user account to the appropriate groups, and then ensure that the groups are assigned to the appropriate roles. Using Windows 2000 groups to populate roles makes it easier for you to manage large numbers of users.

In enterprise computing environments, it is often difficult to effectively track each user's place within the organization and determine how that maps into the role-based security policy particular to each application. As the number of users, administrators, and applications rises, this task becomes increasingly complicated. The most scalable solution is to assign user groups to COM+ application roles.

Before you assign any groups to roles, you need to be sure that you understand the application's security policy. Ideally, roles should carry names that suggest who should belong to them, such as "Managers" and "Tellers." In addition, there are descriptions for each role that you can access using the Component Services administrative tool that may describe what kinds of users should belong to the role. However, if you are not sure which user groups belong in which roles, consult the documentation that accompanies the application or ask the developer for clarification.

Source:  http://www.microsoft.com/technet/prodtechnol/windows2000serv/technologies/iis/deploy/depovg/compl.mspx
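The role-population step described in the answer above, as an added PowerShell example that is not part of the original answer or the quoted Microsoft text: it uses the COM+ administration catalog (`COMAdmin.COMAdminCatalog`) to put a Windows group into an existing application role, then lists every role's members for review. The application name `BankApp` and the group `CONTOSO\Tellers` are assumed placeholders; `Tellers` is the role name the quoted text uses as an illustration.

```powershell
# Added example: populate a COM+ application role with a Windows group and
# audit the result. Run elevated on the server that hosts the application.
param(
    [string]$AppName  = 'BankApp',          # hypothetical COM+ application name
    [string]$RoleName = 'Tellers',          # role already defined by the developer
    [string]$Group    = 'CONTOSO\Tellers'   # hypothetical Windows group
)

$catalog = New-Object -ComObject COMAdmin.COMAdminCatalog
$apps = $catalog.GetCollection('Applications')
$apps.Populate()

$app = $apps | Where-Object { $_.Name -eq $AppName } | Select-Object -First 1
if (-not $app) { throw "COM+ application '$AppName' not found." }

# Roles are a sub-collection keyed by the application's catalog key.
$roles = $apps.GetCollection('Roles', $app.Key)
$roles.Populate()
$role = $roles | Where-Object { $_.Name -eq $RoleName } | Select-Object -First 1
if (-not $role) { throw "Role '$RoleName' is not defined on '$AppName'." }

# Add the group only if it is not already a member of the role.
$users = $roles.GetCollection('UsersInRole', $role.Key)
$users.Populate()
if (-not ($users | Where-Object { $_.Value('User') -eq $Group })) {
    $member = $users.Add()
    $member.Value('User') = $Group
    [void]$users.SaveChanges()
}

# Role membership is only enforced when access checks are switched on.
if (-not $app.Value('ApplicationAccessChecksEnabled')) {
    Write-Warning "Access checks are disabled on '$AppName'; roles are not enforced."
}

# Audit: one row per role with its current members, for least-privilege review.
foreach ($r in $roles) {
    $members = $roles.GetCollection('UsersInRole', $r.Key)
    $members.Populate()
    New-Object PSObject -Property @{
        Application = $AppName
        Role        = $r.Name
        Members     = ($members | ForEach-Object { $_.Value('User') }) -join ', '
    }
}
```

Assigning a group rather than individual accounts keeps the role assignment stable while membership is managed in the group, as the quoted guidance recommends.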

Windows Server 2003

From novice to tech pro — start learning today.