Download
1 / 8
80 likes | 202 Views
This assignment explores the delegation of permissions within the Marketing and Training Organizational Units (OUs). It focuses on Ahmad Ali's effective permissions on the Training OU, where several permissions, including the ability to create, delete, and reset passwords, are allowed, while read permission is denied. The assignment emphasizes how Deny permissions take precedence over Allow permissions, leading to the conclusion that Ahmad Ali’s resultant Permission Set Object (PSO) will align with the Training PSO due to its GUID, making it the most effective authority applied to him.
E N D
The effective permissions Ahmed Ali will have on Training OU -Deny read permission. -Allow Create all child objects. -Allow reset password. -Deny modify owner. -Allow Delete all child objects.
1 4 Because the Deny permission (3,4) overrides Allow permission (5,2) and Explicit Allow (6) override Inherited Deny(7). 2 5 3 6 7 8
The resultant PSO applied to Mr. Ahmed -If one or more PSOs linked directly to the user, PSOs linked to groups are ignored. So, Special PSO doesn’t apply because it not linked directly to Ahmad Ali. -If there are different PSOs, the PSO has highest precedence (lower Precedence) will be apply. Marketing_Security & Training PSO have the same precedence. -If PSOs have the same precedence, the PSO with lowest GUID will be apply. Training PSO with lowest GUID=11. So, The resultant PSO is Training PSO
