[thelist] Windows NTFS and Group Permissions

Ken Schaefer Ken at adOpenStatic.com
Fri Sep 8 09:52:09 CDT 2006

: -----Original Message-----
: From: thelist-bounces at lists.evolt.org [mailto:thelist-
: bounces at lists.evolt.org] On Behalf Of Rob Smith
: Subject: [thelist] Windows NTFS and Group Permissions
: I know all about showing or hiding information or pages from specific
: users using NTFS/CR, but what about inhibiting or permitting specific
: network groups? We're growing pretty fast and I surely don't want to
: micromanage:
: If (request.servervariables("AUTH_USER") = "domain\uname") or _
: (request.servervariables("AUTH_USER") = "domain\uname1") or _
: ...
: ... then
:     Do this.
: End if
: I don't know how the larger fortune 500 companies handle this situation.

Fortune 500 companies with portal sites that handle hundreds of thousands of
users, don't write ASP code that manually checks for the user's NT user
account name...

I'm not entirely sure what you're trying to use here, but most large sites
would use a pre-canned piece of software (like Sharepoint Portal Server) that
supports NT groups OOB, and also provide workflow that allows users to
request access from the content owner (or delegated owner). That makes it
very easy to get a snapshot of who has access to what (which allows
revocation of access as well).

Alternatively, it is relatively trivial to enumerate the user's direct group
membership via LDAP if you want to do it the manual way you are doing it


More information about the thelist mailing list