Assigning Permissions

(OBJ 4.6)

Privileges

• Define the levels of access that users have
• Local Administration Account
  • High level of access
  • Allows administrator to
    • change system settings
    • install softwares
    • perform a variety of managerial tasks
• Standard User Accounts
  • Can’t change system settings
  • Can store files in their designated area only
  • "Can only unlock certain doors inside their own rooms"

Principle of Least Privilege

• A user should only have the minimum access rights needed to perform their job functions and tasks, and nothing additional or extra

Microsoft Account

• Free online account that you can use to sign in to a variety of Microsoft services
  • Windows, Office365, Xbox Live, Skype, etc.
• Can be used in place of your Local Windows Account

User Account Control (UAC)

• A mechanism designed to ensure that actions requiring administrative rights are explicitly authorized by the user
• Access is limited to what the user needs to do a job
• Purpose is to minimize the risk of users gaining access to administrative privileges
• Access control and permissions can also apply to groups of users
  • When a user is added to a group, they inherit the permissions of that group
• Example:
  • Installing new software
  • Clicking "yes" to confirm, etc.

File and Folder Permissions

• Setting permissions at the folder level applies those permissions to all files within that folder
• In Windows, these file and folder permissions are accessed by
  • Right-click on a file or folder
  • Select ‘Properties’
  • Navigate to the ‘Security’ tab
• Always ensure to only give out the necessary permissions