troubleshooting Question

role based access in AD

Avatar of Pau Lo
Pau Lo asked on
SecurityActive DirectoryOS Security
6 Comments1 Solution434 ViewsLast Modified:
The organisation I work for (I work in risk not IT) is moving to a role based access control model for assigning permissions to users on our numerous file servers.

At present file server access is locked down via groups, i.e.:

\\fileserver\department\teamXYZ - would only be accessible via a domain group called “teamXYZ” (and IT support groups)

I must confess I don’t really see what is wrong with this approach? Or how it is bad practice? (feel free to explain - I am not a fan of changing something that isnt broke and works well).

But apparently we are going down the RBAC model, I wasn’t sure if AD actually has “roles”, I can see users and groups in ADUC, but can’t say I have ever seen a “role” object in AD?
But that aside, how is RBAC more secure than group based permissions, and from a risk perspective, are there any specific risks associated with RBAC, and compensating controls/best practices to mitigate the new risks associated with using RBAC models.
Join the community to see this answer!
Join our exclusive community to see this answer & millions of others.
Unlock 1 Answer and 6 Comments.
Join the Community
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 6 Comments.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros