Who is AzMan
Welcome to the Authorization Manager Team Blog. If you’re not familiar with Authorization Manager (AzMan), it is the Role-Based Access Control model originally provided in Windows Server 2003. It has since been made available on XP via the XP Admin Pack for Server 2003 (this is for administration or dev on XP; see the Microsoft Download Center and search on "Administration Pack") and on Windows 2000 via a web download (see the Microsoft Download Center and search on "AzMan").
Authorization Manager’s there to help application developers and admins in the following ways (for those of you who haven’t seen this :)):
Common RBAC Administration
An easy-to-use, common role-based administrative experience; administrators learn fewer authorization models and require less training.
Role-based Development Framework
Easy to integrate with native or managed apps; provides broad RBAC management and enforcement functionality.
Flexible Authorization Rules
Ability to define membership through dynamic LDAP queries or custom BizRules.
Centralized Administration
Multiple applications can be managed centrally and leverage common application groups.
Flexible Storage Options
Ability to store policy in Active Directory, XML files, or SQL Server (Vista Beta 2).
Platform Integration and Alignment
Support for platform features such as Active Directory groups, Windows security auditing, and MMC. Assurance of proper integration of system access control objects such as the NT access token and better alignment for future Windows access control features such as provisioning and entitlement engines.
Reduced Software Development and Maintenance Costs
Developers avoid the expense or trade-offs of custom access control. AzMan does the expensive work of a full-featured authorization solution, including a complete RBAC model, policy storage (AD, SQL, or XML), an MMC user interface, built-in application group support, rule and query support, integrated system auditing, and performance optimizations such as caching and late-binding.
Enhanced Security
Platform technologies are rigorously tested, broadly used and continually refined. A common RBAC model leverages administrators’ existing knowledge, resulting in fewer access control mistakes.
AzMan has seen good uptake, particularly in LOB apps.
For some case studies check out:
Israel Court
House:
and Lighthouse International:
The plan is to use this blog to get the FAQ info out and give AzMan news as soon as it’s available. Fire away if you’ve got questions, though do check out the current set of AzMan docs. Here’s some dev-oriented stuff:
Authorization Manager Whitepaper
DEV: Programmable Architecture Guide (PAG): Authorization and Profile Application Block
DEV: Keith Brown MSDN Article (Sample included): Use Role-Based Security in Your Middle Tier .NET Apps with Authorization Manager
Server Watch Tutorial: Exploring Windows 2003 Security: Authorization Manager
-Dave McPherson