All Microsoft Provisioning System components use discretionary access control lists (DACLs) and access control entries (ACEs) to control the access permissions granted and denied to specific users and groups for individual objects. Microsoft Provisioning System passes the security context of a request through the system, so it can support multiple roles with different security policies and permissions. Additionally, individual components implement specific functionality for secure provisioning of services and support.
In Microsoft Provisioning Framework (MPF), security is based on the effective management of authentication, authorization, and data services. The management of these elements includes support for impersonation and delegation, which are necessary to specify the credentials under which certain procedures and processes run. MPF security also uses encryption and other security features that prevent unauthorized access to data and the provisioning infrastructure.
Microsoft Provisioning System builds on the security features of MPF. It includes several Active Directory security features to ensure that appropriate privacy applies to all user accounts and data. It also includes the security features of other components and products to ensure that users view and access only the objects and data for which they are authorized. These additional security features include those of Active Directory, Microsoft Exchange 2000 Enterprise Server, Internet Information Services (IIS) version 5.0, and FrontPage 2002 Server Extensions from Microsoft. The business logic of the non-provider namespaces of Microsoft Provisioning System enforces the rules required to implement the additional security features. Through Delegated Administration Console and the non-provider namespaces, Microsoft Provisioning System establishes an environment in which the provisioning targets operate securely while still allowing customer-specific security configurations.
For more information on Microsoft Provisioning System security, see Security in Microsoft Provisioning Framework and Security in Delegated Administration Console. For more information on how Microsoft Provisioning System implements the component infrastructures to support security, see Implementation architecture.