Overview#
Privilege is used in many different Contexts; for our discussions we will generally use the description on this page.
Privilege allows (or denies) an Entity to perform a specific "Resource Action".
Privilege is a component of a Permission that identifies the type of Resource Action that has been delegated by a Trustor to some Trustee.
The type of Privilege delegation could be in any of these Contexts:
- Legal
- Implied
- Domain
- File System
- (Many others)
Privilege does not identify:
- the Target Resource to which the Privilege applies. A permission is where the Target Resource is identified.
- the Trustee to which the Privilege has been Delegated. The assignment of the Trustee is part of the Authorization process.
Although we do not claim to be the best at wordsmithing, this is how we think of Privilege and Permissions.
Access Control#
Access Control is the process of determining whether a Permission or Privilege has been Authorized by a Trustor to a Trustee.
Privilege Conflict#
Privilege Conflicts appear when the specifications of two or more Access Control rules result in conflicting decisions on whether to permit a subject's access requests, through either direct or indirect (inherited) access assignments.
More Information#
There might be more information for this subject on one of the following:
- Access Authority
- Access Control
- Access Control Entry
- Authorization
- Authorization Policy
- AuthorizationID
- Credential Management
- Cyclic Inheritance
- Data Ownership
- Digital Identity
- EDirectory Privileges
- Entitlement
- Entitlement Example
- Entitlement parameter value
- Event 4673
- Exploitability Metrics
- Glossary Of LDAP And Directory Terminology
- Golden Ticket
- Grant Negotiation and Authorization Protocol
- Incremental authorization
- JSPWiki Permission
- Kerberos Forged Ticket
- Key
- Local Administrative Accounts
- Local Security Authority
- Lock
- MSFT Access Token
- OAuth 2.0 Incremental Authorization
- OAuth Scopes
- Object ACL
- OpenID Connect Claims
- OpenID Connect Scopes
- Pass-the-ticket
- Password Administrator
- Password Policy Administrator
- Peer
- Peer-to-peer
- Permission
- Primary Access Token
- Principle of least privilege
- Privilege Conflict
- Privilege Management Infrastructure
- Privileged Account Management
- Provisioning
- Resource Action
- Role
- Rowhammer
- SAML
- SECURITY_IMPERSONATION_LEVEL
- Security-constraint
- Social Justice
- Trustee
- Trustor
- WIKI-ACLs
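
Returning to the Privilege Conflict section above, the following added example (not part of the original page) finds rule pairs that give a subject contradictory decisions for the same Target Resource and Resource Action, whether the rules were assigned directly or inherited through group membership. The `Rule` fields, the membership map and all sample names are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from itertools import combinations

@dataclass(frozen=True)
class Rule:
    trustee: str   # entity or group the Privilege is delegated to
    resource: str  # Target Resource (identified by the Permission)
    action: str    # Resource Action (the Privilege itself)
    allow: bool    # True = permit, False = deny

# Constructed sample data: who is a member of what (indirect assignments).
MEMBER_OF = {"alice": {"engineering"}, "engineering": {"staff"}, "bob": {"staff"}}
RULES = [
    Rule("staff", "/reports", "read", True),
    Rule("engineering", "/reports", "read", False),
    Rule("alice", "/builds", "write", True),
    Rule("bob", "/reports", "read", True),
]

def effective_trustees(subject, member_of):
    """Subject plus every group reachable by membership; safe on cycles."""
    seen, stack = set(), [subject]
    while stack:
        name = stack.pop()
        if name not in seen:
            seen.add(name)
            stack.extend(member_of.get(name, ()))
    return seen

def find_conflicts(subject, rules, member_of):
    """Return (resource, action, allow_rule, deny_rule) per conflicting pair."""
    trustees = effective_trustees(subject, member_of)
    applicable = [r for r in rules if r.trustee in trustees]
    conflicts = []
    for a, b in combinations(applicable, 2):
        same_target = (a.resource, a.action) == (b.resource, b.action)
        if same_target and a.allow != b.allow:
            allow_rule, deny_rule = (a, b) if a.allow else (b, a)
            conflicts.append((a.resource, a.action, allow_rule, deny_rule))
    return conflicts

def origin(subject, rule):
    """Label a rule as a direct or an inherited assignment for the subject."""
    return "direct" if rule.trustee == subject else f"inherited via {rule.trustee}"

if __name__ == "__main__":
    for subject in ("alice", "bob"):
        for res, act, ok, no in find_conflicts(subject, RULES, MEMBER_OF):
            print(f"{subject}: {act} on {res}: permit ({origin(subject, ok)}) "
                  f"vs deny ({origin(subject, no)})")
```

The example only reports conflicts; which rule should win is a policy decision the page does not specify.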