Permission is complex and ambiguous without a provided context.

Generally, as Merriam-Webster provides, Permission is:

Our Definition

We distinguish between a Privilege and a Permission.

Permission is a component of Authorization which has the following Three Components, two of which are required:

Authorization is when a Trustor grants a Permission to a Trustee to perform a Privilege against a Target Resource.

Permission Conflicts

Permission conflicts are common unless the boundaries of each Permission are properly defined. Conflicts arise when "nested" Permissions are involved. If Group "A" is permitted to access file "One" and Group "B" is denied access to file "One", does a member of both Group "A" and Group "B" have Authorization to file "One"?

What is important is that these Permissions are correlated and that the resulting correlation is definitive. Further, this correlation must be understood by all those who would grant membership to the groups.

Separation of Duty is a concept used to implicitly avoid Permission conflicts.

Positive Permission and Negative Permission

Generally, for most technical concepts, Permissions are either positive or negative.


  • Positive Permissions express what CAN be done.
  • Negative Permissions express what CANNOT be done.

Positive Permission

Access to the Target Resource is granted unless the Permission is denied.

Microsoft originally had a positive file Permission system. All users were implicitly granted access to all files unless explicitly denied by revoking permissions.

Negative Permission

Access to the Target Resource is denied unless the Permission is granted.

Novell Inc., on its NetWare platform, and Linux/UNIX utilized negative Permission on the file system. All users were denied access to the files unless implicitly granted.
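
An added example (not part of the original page) showing one way to make the Group "A" / Group "B" correlation from Permission Conflicts definitive, and how the fallback differs between the Positive and Negative Permission models as defined above. The function name `is_authorized`, the rule names `deny-overrides` and `permit-overrides`, and the sample users and entries are assumptions constructed for illustration.

```python
from enum import Enum

class Effect(Enum):
    PERMIT = "permit"
    DENY = "deny"

# Constructed sample data: per-resource group entries and group membership.
ACL = {
    "One": {"A": Effect.PERMIT, "B": Effect.DENY},
    "Two": {"A": Effect.PERMIT},
}
MEMBERSHIP = {
    "alice": {"A", "B"},  # member of both groups: the conflict case
    "bob": {"A"},
    "carol": {"B"},
    "dave": set(),        # no groups: only the default model applies
}

def is_authorized(user, resource, model="negative", conflict="deny-overrides"):
    """Return (allowed, reason) for a user against a resource.

    model:    "positive" = granted unless denied,
              "negative" = denied unless granted (the page's definitions).
    conflict: "deny-overrides" or "permit-overrides" (assumed rule names).
    """
    if model not in ("positive", "negative"):
        raise ValueError(f"unknown model: {model}")
    if conflict not in ("deny-overrides", "permit-overrides"):
        raise ValueError(f"unknown conflict rule: {conflict}")
    entries = ACL.get(resource, {})
    # Collect every effect that reaches the user through group membership.
    effects = {entries[g] for g in MEMBERSHIP.get(user, set()) if g in entries}
    if len(effects) == 2:
        # Both PERMIT and DENY apply: the declared rule decides, every time.
        winner = Effect.DENY if conflict == "deny-overrides" else Effect.PERMIT
        return winner is Effect.PERMIT, f"conflict resolved by {conflict}"
    if effects:
        effect = next(iter(effects))
        return effect is Effect.PERMIT, f"explicit {effect.value}"
    # No entry applies, so the Permission model supplies the answer.
    return model == "positive", f"default of {model} model"

if __name__ == "__main__":
    for user in MEMBERSHIP:
        print(user, is_authorized(user, "One"))
```

Returning the reason alongside the decision lets whoever grants group membership see which rule produced the outcome.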

