We are starting our AD project, and are currently working with our development staff to determine the best way to interface with AD. In our current environment we have a number of "home grown" applications that look at SQL tables to determine application privileges. Some of the applications have as many as 50 individual access rights associated with them in the table.
We are interested in some "best practices" for application security using AD. Some of the suggestions that we have had include using AD groups to handle permissions (but this method would create a very large number of groups). The other method was to add a security bit mask field for each app and use that. Does anyone have any suggestions/comments? -Ted- List info : http://www.activedir.org/mail_list.htm List FAQ : http://www.activedir.org/list_faq.htm List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
