Permission in AD are privileges granted to users or groups to perform certain operations on objects. Permissions are usually granted by object owners or administrators.
(7 votes, average: 3.57 out of 5)
When it comes to resource sharing, the first thought is to provide access only to those who require and to the level they require it. This is where security principal objects play a crucial role, in that they can be “authenticated” and “authorized” to use other resource objects. AD authenticates the security principal objects using access tokens.