Did you read that right?  AZMAN?  Yep… from pretty much any windows box you can click start-run and type azman.msc and click okay…

What you get is Authorization Manager.  Evidently this tool has been around for quite some time and was intended to be used to facilitate proper RBAC models (Role Based Access Control).  I was shown it today by one of my collegues and I can see that it would be quite useful. 

It lets you store the data in 1 of 3 locations:

  1. Active Directory
  2. XML file
  3. MSSQL Database

Interestingly enough all you have to do is put in the data store and then select “Action – New Application.” At that point you will be presented with your basic application settings as follows:

So far so good right?At this point you can start building your role based access model.  You can create operation definitions (which basically allow very granular access to the resources you specify).  Likewise, you can create a task or role definition based which can be a combination of operation definitions in any form you like. 

Once you have it all layed out, you can connect to the AZMAN with a .net call to call AccessCheck and see if the application credentials are allowed based on what you defined in AZMAN!  Will you use this application; who knows… I would love to see some valid implementations and see how it works. 

Here is an article discussing how to do this in ASP.NET:

Happy azmanning!! haha,