LDAPWiki: Privilege

Overview#

Privilege is used in many different Contexts for our discussions we will generally use the description on this page.

Privilege allows (or Denies) an Entity to perform a specific "Resource Action"

Privilege is a component of a Permission that identifies the type of Resource Action that has been delegated by a Trustor to some Trustee

Type Privilege delegation could be in any of the Contexts:

Legal
Implied
Domain
File System
(Many others)

Privilege does not identity:

the Target Resource to which the Privilege applies. A permission is where the Target Resource is identified.
the Trustee to which the Privilege has been Delegated, The assignment of the Trustee is part of the Authorization process.

Although we do not claim to be the best at wordsmithing, this is how we think of Privilege and Permissions.

Access Control #

Access Control is the process of determining whether an Permission or Privilege has been Authorized by a Trustor to a Trustee.

Privilege Conflict appear when the specifications of two or more Access Control rules result in the conflicting decisions of permitting subjects access requests by either direct or indirect (inherit) access assignments.

More Information#

There might be more information for this subject on one of the following:

Overview#

Access Control#

Privilege Conflict #

More Information#

Access Control #