Jack Lloyd
asked on
Dynamic Access Control
Hi Guys,
I've not used DAC yet but I'm wondering if someone could just clarify something for me. We work in an environment where the labour turnover is higher as we use a lot of freelancers, they all however need accounts.
At the minute it's a nightmare providing NTFS permissions to users as they need them so regularly. What I was wondering about DAC is whether we could control access to folders based on AD Attributes?
E.g. If Freelancer 1 had a custom attribute of "Project 1" I could provide access to a folder which says each person with the AD custom attribute "Project 1" can access that folder?
This would help as our HR system will populate these fields when they start.
I've not used DAC yet but I'm wondering if someone could just clarify something for me. We work in an environment where the labour turnover is higher as we use a lot of freelancers, they all however need accounts.
At the minute it's a nightmare providing NTFS permissions to users as they need them so regularly. What I was wondering about DAC is whether we could control access to folders based on AD Attributes?
E.g. If Freelancer 1 had a custom attribute of "Project 1" I could provide access to a folder which says each person with the AD custom attribute "Project 1" can access that folder?
This would help as our HR system will populate these fields when they start.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you handled NTFS permissions using groups, it would be pretty easy using classic NTFS permissions. For example, I would create domain local groups called "Project 1-RO" and "Project 1-RW". Give one group read permissions on Project 1, and the other group modify permissions to that folder. Then populate the groups with the correct AD membership using other AD groups or users.