Managing Access to Resources | Windows Server 2003 for Dummies

Part of each request that a client makes for a network resource includes the client's own identification. Another part names the resources that the client is requesting from the network. Clients normally use a password to access resources on a peer-to-peer network, which Microsoft calls share-level access control (because each password applies to a single shared resource).

In a Microsoft client/server network, the user's level of permissions governs that user 's ability to access resources. In Microsoft-speak, user-level access means that when a user identifies himself or herself in a request for service, the user's account name determines which requests the server can honor and which ones it must deny.

The server checks which resources the user has permission to access, and it checks also whether the operation that the user requests is allowed. For example, Bob may be allowed to read a certain file, but he may not be able to write to or delete that file. If he requests a read operation, the request is permitted, but if he requests a write or delete operation, that request is denied .

KEY CONCEPT

Handing requests on a client/server network involves more work than may be immediately apparent, because a security check controls access and restrictions. Setting up permissions requires an understanding of which names to attach to resources, to the domains in which they reside, and to the users who state such requests. Much of what you find out in Chapters 8, 11-14, and especially in Chapters 15, 16, and 18 touch on these terms and concepts and explain them to your heart's content.