Delegation of Control

From Wikipedia, the free encyclopedia
Jump to: navigation, search

In computing Delegation of Control is assigning a person or group specific administrative permissions for an Organizational Unit. In information management, this is used to create teams that can perform specific (limited) tasks for changing information within a user directory or database. The goal of delegation is to create groups with minimum permissions that grant the ability to carry out authorized tasks. Granting extraneous/superfluous permissions would create abilities beyond the authorized scope of work.

Active Directory[edit]

In Microsoft Active Directory the administrative permissions this is accomplished using the Delegation of Control Wizard. Types of permissions include managing and viewing user accounts, managing groups, managing group policy links, generating Resultant Set of Policy, and managing and viewing InOrgPerson accounts.

A use of Delegation of Control could be to give managers complete control of users in their own department. With this arrangement managers can create new users, groups, and computer objects, but only in their own OU.