Decentralized user group assignment in Windows NT

Gail Joon Ahn, Ravi Sandhu

Research output: Contribution to journalArticlepeer-review

3 Scopus citations


The notion of groups in Windows NT is much like that in other operating systems. Rather than set user and file rights individually for each and every user, the administrator can give rights to various groups, then place users within those groups. Each user within a group inherits the rights associated with that group. In this paper, we describe an experiment to extend the Windows NT group mechanism in two significant ways that are useful in managing group-based access control in large-scale systems. The goal of our experiment is to demonstrate how group hierarchies (where groups include other groups) and decentralized user-group assignment (where administrators are selectively delegated authority to assign certain users to certain groups) can be implemented by means of Microsoft remote procedure call (RPC) programs. In both respects the experimental goal is to implement previously published models (RBAC96 for group hierarchies and URA97 for decentralized user-group assignment). Our results indicate that Windows NT has adequate flexibility to accommodate sophisticated access control models to some extent.

Original languageEnglish (US)
Pages (from-to)39-49
Number of pages11
JournalJournal of Systems and Software
Issue number1
StatePublished - Feb 1 2001
Externally publishedYes


  • Role-based access control
  • Security
  • Windows NT

ASJC Scopus subject areas

  • Software
  • Information Systems
  • Hardware and Architecture


Dive into the research topics of 'Decentralized user group assignment in Windows NT'. Together they form a unique fingerprint.

Cite this