Security basics

All Microsoft Provisioning System components use discretionary access control lists (DACLs) and access control entries (ACEs) to control the access permissions granted and denied to specific users and groups for individual objects. Microsoft Provisioning System flows through the security context of a request, so it can support multiple roles with different security policies and permissions. Additionally, individual components implement specific functionality for secure provisioning of services and support.

For more information on Microsoft Provisioning System security, see Security in Microsoft Provisioning Framework and Security in Delegated Administration Console. For more information on how Microsoft Provisioning System implements the component infrastructures to support security, see Implementation architecture.