Administrator Role Separation
GPTKB entity
Statements (18)
| Predicate | Object |
|---|---|
| gptkbp:instanceOf |
gptkb:security
|
| gptkbp:appliesTo |
gptkb:Active_Directory
Microsoft Identity Manager |
| gptkbp:category |
access control
identity management |
| gptkbp:enables |
delegation of administrative tasks
|
| gptkbp:enforcedBy |
least privilege principle
|
| https://www.w3.org/2000/01/rdf-schema#label |
Administrator Role Separation
|
| gptkbp:prevention |
single administrator from having full control
|
| gptkbp:purpose |
reduce risk of privilege misuse
separate administrative duties |
| gptkbp:relatedTo |
role-based access control
separation of duties |
| gptkbp:requires |
multiple administrator accounts
|
| gptkbp:supportedBy |
gptkb:Active_Directory_Domain_Services
Microsoft Identity Manager 2016 |
| gptkbp:bfsParent |
gptkb:Read-Only_Domain_Controller_(RODC)
|
| gptkbp:bfsLayer |
8
|