Overview#
Permission is complex and ambiguous without a provided context.
Permission generally, as Merriam-Webster provides, is:
- the act of permitting
- formal consent : Authorization
Our Definition#
We distinguish between a Privilege and a Permission.
Permission is a component of Authorization which has the following three components, two of which are required:
- The Context of the Privilege (Required)
  - Legal
  - Implied
  - Domain
  - File System
- The Target Resource(s) (Required), to which the Permission is granted or revoked
  - The file name
  - The LDAP OrganizationalUnit
- The Resource Action delegated for the Target Resource
  - CRUD
  - Open
  - Lock or Un-lock
Permission Conflicts#
Permission conflicts (or Privilege Conflicts) are commonly encountered issues.
Positive Permission and Negative Permission#
For most technical concepts, Permissions are either positive or negative. Generally:
- Positive Permissions express what CAN be done
- Negative Permissions express what CANNOT be done.
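The three-component Permission with positive and negative entries, as an added Python example that is not part of the original page, with access denied unless a Permission grants it. Treating a missing Resource Action as "all actions", matching targets with glob patterns, and letting a negative Permission win a conflict are assumptions of this sketch, as are the sample paths and the names `Permission`, `decide` and `TRUSTEE_PERMISSIONS`.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Optional


@dataclass(frozen=True)
class Permission:
    context: str                  # required, e.g. "File System" or "Domain"
    target: str                   # required, resource name or glob pattern
    action: Optional[str] = None  # optional; None is assumed to cover every action
    positive: bool = True         # True = CAN be done, False = CANNOT be done

    def __post_init__(self):
        # Two of the three components are required: Context and Target Resource.
        if not self.context or not self.target:
            raise ValueError("Context and Target Resource are required")

    def matches(self, context, target, action):
        return (self.context == context
                and fnmatchcase(target, self.target)
                and self.action in (None, action))


def decide(permissions, context, target, action):
    """Return (allowed, conflict) for one access request."""
    hits = [p for p in permissions if p.matches(context, target, action)]
    granted = any(p.positive for p in hits)
    denied = any(not p.positive for p in hits)
    # Nothing granted means denied; assumed conflict rule: negative beats positive.
    return (granted and not denied, granted and denied)


# Constructed sample Permissions held by one Trustee.
TRUSTEE_PERMISSIONS = [
    Permission("File System", "/srv/reports/*", "Read"),
    Permission("File System", "/srv/reports/payroll.csv", "Read", positive=False),
    Permission("Domain", "ou=People,dc=example,dc=com"),  # no action given
]

if __name__ == "__main__":
    requests = [
        ("File System", "/srv/reports/q1.csv", "Read"),
        ("File System", "/srv/reports/payroll.csv", "Read"),
        ("File System", "/srv/reports/q1.csv", "Delete"),
        ("Domain", "ou=People,dc=example,dc=com", "Update"),
    ]
    for req in requests:
        print(req, decide(TRUSTEE_PERMISSIONS, *req))
```

The second request is the Permission Conflict case: a positive and a negative Permission both match, and the result reports the conflict instead of silently picking one.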
Negative Permission#
Access to the Target Resource is denied unless the Permission is granted.
Access Control#
Access Control is the process of determining whether a Permission or Privilege has been Authorized by a Trustor to a Trustee.
More Information#
There might be more information for this subject on one of the following:
- API Development
- AWS IAM
- AWS Role
- Access Control
- Access Control Entry
- Access Control List
- Access Token
- Attribute Based Access Control
- Authorization
- Authorization Policy
- Childrens Online Privacy Protection Act
- Chrome Custom Tabs
- Computer Fraud and Abuse Act
- Consent
- Consent vs Authorization
- Context Based Access Control
- CountryOfResidence
- Create Read Update Delete
- Cross Origin Resource Sharing
- Digital Identity
- EDirectory Monitor Entry
- Everybody
- Executive order
- Firearms License
- G-Suite Domain
- GCP Permission
- GCP Project Owner
- GCP Role
- GidNumber
- Glossary Of LDAP And Directory Terminology
- Google Cloud IAM
- Grant Negotiation and Authorization Protocol
- IDM The Application Developers Dilemma
- INCITS 359
- Impersonation
- Indy Steward
- Informed Consent
- Java Authentication and Authorization Service
- Join AD Domain
- Legal right
- License
- Linux Files and File Permissions
- Linux Umask Settings
- MS Access Mask
- MsDS-SupportedEncryptionTypes
- NDSRightsToMonitor
- NISTIR 8112
- Natural rights
- Nautical License
- Negative Permission
- Nested Groups
- Non Permissioned System
- OAuth 2.0 Tokens
- OAuth Scope Example
- Object ACL
- Open Access
- OpenAM
- Owner
- PassSyncConfig.cpl
- Password Flow From Active Directory to eDirectory
- Permission
- Permission ticket
- Permissioned Systems
- Permissionless System
- Permissions to read Universal Password
- Positive Permission
- Privilege
- Privilege Conflict
- Proxy
- Proxy Server
- RBAC
- RBAC Defining Roles
- RBAC How are roles different from groups
- RBAC Session
- RBAC constraints
- Rights
- Role
- SDI Key
- SECURITY_IMPERSONATION_LEVEL
- SchemaIDGUID
- Security Descriptor
- Security Group
- Security Reference Monitor
- Sovrin Steward
- Token Introspection Endpoint
- Upgraded
- Windows Authentication Package
- X-NDS_BOTH_MANAGED
- XACML
- XDASv2 Events