Administering Application Security
Component Services provides a simple, robust security model that you can use to protect COM+ applications, data, and resources from accidental or malicious corruption.
The central mechanism is that of roles, which are user categories that have been defined for an application by its developer. Roles are initially assigned to the application and its components by the developer and then populated with actual users by the system administrator. When in place, roles serve to enforce an access control policy for the application.
For administrative purposes, role-based security clarifies and simplifies security maintenance for a COM+ application. Tasks for administration of role-based security are typically as simple as populating an application's predefined roles with Microsoft® Windows® groups or user accounts and setting an identity for the application (a user account under which the application runs).
Before You Continue
Security should be an intrinsic part of an application's design. Developers assess security requirements and balance them against performance and functional requirements. The developer decides what level of role-based security is appropriate and incorporates roles that represent the categories of users for whom the application is intended. These choices can affect every functional aspect of an application, so they should be made in the context of its overall design.
Note For a broad discussion of COM+ security, see the "COM+ Security" section under "Component Services" in the Microsoft Platform SDK. For a discussion of COM security, see the "COM Security" section under "Component Services" in the Microsoft Platform SDK. If you don't have the Platform SDK installed, see the MSDN Web site to view or install it.
The topics described in the following table provide detailed background and task information about security.
| Topic | Description |
| Security Administration Concepts | Provides an overview and links to more information about administering application security. |
| Security Administration Tasks | Provides links to step-by-step procedures for security-related tasks. |