Who is AzMan

Welcome to the Authorization Manager Team Blog. If you’re not familiar with Authorization Manager (AzMan) it is the Role-Based Access Control model provided originally in Windows Server 2003. It’s since been made available on XP via the XP Admin pack for Server 03 (this is for administration or dev on XP - see ms download center and search on Administration Pack) and on Windows 2000 via a web download (see ms download center and search on AzMan).

 

Authorization Manager’s there to help application developers and admins in the following ways (for those of you who haven’t’ seen thisJ):

 

Common RBAC Administration

An easy to use common role-based administrative experience; administrators learn fewer authorization models and require less training.

Role-based Development Framework

Easy to integrate with native or managed apps, provides broad RBAC management and enforcement functionality.

Flexible Authorization Rules

Ability to define membership through dynamic ldap queries or custom BizRules.

Centralized Administration

Multiple applications can be managed centrally and leverage common application groups.

Flexible Storage Options

Ability to store policy in Active Directory, XML-Files or SQL Server (Vista Beta 2.)

Platform Integration and Alignment

Support for platform features such as Active Directory groups, Windows security auditing, and MMC. Assurance of proper integration of system access control objects such as the NT access token and better alignment for future Windows access control features such as provisioning and entitlement engines.

Reduced Software Development and Maintenance Costs

Developers avoid the expense or trade-offs of custom access control. AzMan does the expensive work of a full-featured authorization solution; including: a complete RBAC model, policy storage (AD, SQL, or XML), an MMC user interface, built-in application group support, rule and query support, integrated system auditing, and performance optimizations such as caching and late-binding.

                                             

Enhanced Security

Platform technologies are rigorously tested, broadly used and continually refined. A common RBAC model leverages administrators existing knowledge resulting in fewer access control mistakes.

 

AzMan has seen good uptake, particularly in LOB apps.

 

For some case studies check out:

Israel Court

House:

https://members.microsoft.com/customerevidence/search/EvidenceDetails.aspx?EvidenceID=13419&LanguageID=1&PFT=Microsoft%20Windows%20Server%202003&TaxID=20106

 

and Lighthouse International:

https://download.microsoft.com/documents/customerevidence/20836_AzMan_Case_Study_Lighthouse_Final.doc

 

 

The plan is to use this blog to get the FAQ info out and give AzMan news as soon as it’s available. Fire away if you got questions. Though checkout the current set of AzMan docs, here’s some dev oriented stuff:

Authorization Manager Whitepaper

Platform SDK Documentation

MSDN: AzMan Overview

MSDN: AzMan BizRules

MSDN: AzMan Dynamic Groups

DEV: Programmable Architecture Guide (PAG): Authorization and Profile Application Block

DEV: Keith Brown MSDN Article (Sample included): Use Role-Based Security in Your Middle Tier .NET Apps with Authorization Manager

Server Watch Tutorial: Exploring Windows 2003 Security: Authorization Manager

 

-Dave McPherson