In this video, you will learn to describe various methods of ensuring effective access management to an organization's computing resources.

So we're going to go over some key concepts. Now we're going to talk about authorization. Authorization is the process of allowing somebody to access a specific object. There are different types of criteria. You could restrict access by groups, by time frame or specific dates, also by physical location or transaction type.

What this means, basically, is that we can allow subjects, or people, to access objects, or files or directories, based on specific groups. For example, the administrator group will have access to more data than somebody in a different group, such as a financial person in a financial group or something like that.

You can also restrict access by time frame, meaning from eight to five people can access deleted files, but any attempt to access those files outside those time frames will be denied. Also specific dates: let's say Monday to Friday, those will be the dates that the people working on set will be allowed to access those files.

You can also restrict the access to specific objects or files of actions, again, by physical location. So for example, you want only people located in the USA to access those files, or you want only people outside the USA to access this type of file or specific information.

You can also restrict the access through transactions. You don't want people to write on specific files, or maybe you want people to be able to read those files.

We need to talk about Need to Know as well. The Need to Know is the justification for somebody to request access to specific data. If my specific job or my job duties require me to know something, then maybe that will be the justification for me to have access to specific files and directories.

All of this is basically centralized on something that's called Single Sign-on.
It's very much what you use in enterprises. What this does is, basically, you log in once and the Single Sign-on will allow you access to websites or to different parts with just a single one-time login process.

There are some authentication concepts that we need to understand. First of all, it's the identity proofs. Most systems will ask you for an identity and authentication. To give an example, the username will be your identity proof. That's something that identifies you and only you. But after identifying yourself you need to authenticate that you are actually who you are saying you are. Basically that's done through the password, so the password will give you authentication and your username will give you identification.

Kerberos is a protocol used for implementing Single Sign-on. There is some mutual authentication, like CHAP; these are types of authentication processes that are used to communicate to systems. They rely on a [inaudible].

More specifically, in Active Directory we have something called Security ID, and this is basically a unique ID given to objects and subjects. We mean it's an ID that identifies a person and is also able to identify an object, meaning, for example, a specific group or a specific file.

Most of the operating systems that we know use Discretionary Access Controls. Basically, the Discretionary Access Control is a type of access control that allows the users to give access to their own data to whomever they want. Meaning if I have a text file or sensitive data, I'm responsible for who is allowed to view and edit that file, because it's my file and it's discretionary to me to give that access to anyone that I want to.
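
The authorization criteria described in this transcript (group, time frame, days of the week, physical location and transaction type), sketched as a deny-by-default access check. This is an added example, not part of the video; the object name, group names, country codes and the `Rule`/`authorize` names are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, time

@dataclass(frozen=True)
class Rule:
    """One authorization rule for an object; every criterion must match."""
    groups: frozenset                           # groups this rule applies to
    operations: frozenset                       # transaction types, e.g. {"read"}
    start: time = time(8, 0)                    # time frame: eight to five
    end: time = time(17, 0)
    weekdays: frozenset = frozenset(range(5))   # Monday (0) to Friday (4)
    countries: frozenset = frozenset({"US"})    # allowed physical locations

# Constructed policy (hypothetical names): object -> list of rules.
POLICY = {
    "payroll.xlsx": [
        Rule(groups=frozenset({"administrators"}),
             operations=frozenset({"read", "write"})),
        Rule(groups=frozenset({"finance"}),
             operations=frozenset({"read"})),
    ],
}

def authorize(user_groups, obj, operation, when, country):
    """Return (allowed, reason). Deny unless one rule matches on every criterion."""
    rules = POLICY.get(obj)
    if not rules:
        return False, "no rule for object"
    reason = "no matching group"
    for rule in rules:
        if not rule.groups & set(user_groups):
            continue                            # rule is for other groups
        if operation not in rule.operations:
            reason = "transaction type not permitted"
        elif when.weekday() not in rule.weekdays:
            reason = "outside allowed days"
        elif not (rule.start <= when.time() < rule.end):
            reason = "outside allowed time frame"
        elif country not in rule.countries:
            reason = "location not permitted"
        else:
            return True, "allowed"
    return False, reason

if __name__ == "__main__":
    monday_10am = datetime(2024, 1, 8, 10, 0)   # constructed sample request time
    print(authorize(["finance"], "payroll.xlsx", "read", monday_10am, "US"))
    print(authorize(["finance"], "payroll.xlsx", "write", monday_10am, "US"))
```
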