Designing a Protected Server

The designer of a server application that assigns security to private object types must make many decisions about the design of the security interface, such as those in the following list:

- Define the object (the private object type the server will protect).

- Determine the types of objects and the access types required, including whether to support SYNCHRONIZE.

- Determine whether an object is a container or a noncontainer, and choose the appropriate inheritance flags.

- Define appropriate access types and generic mappings.

- Determine impersonation characteristics.

- Develop the security descriptor for the initial object, and for new objects assemble one from the parent's security descriptor and the client's access token.

- Consider string-based versus handle-based object-manipulation functions.

- Resolve potential conflicts in access rights. For example, decide what is to be done if an administrator and a user both have delete access to an object.

For example, the designer of a protected print server might choose to define a server object, a printer object, and a document object. The three access rights in the following table are likely to be required:

Access right   Description
------------   -----------
Administrate   Allows the holder to add objects to and delete them from another object. This right applies to the server, the printers, and the documents.
Enumerate      Allows the holder to list a container object's contents. This right applies to the server and to the printers.
Use            Allows the holder to add items to a print queue. This right applies to the printers.
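As an added illustration, not code from the original page, of the "define appropriate access types and generic mappings" decision applied to the print-server example above: a portable C sketch that assigns hypothetical specific-right bits to Administrate, Enumerate and Use, declares an assumed GENERIC_MAPPING for printer objects, records which rights each object type accepts per the table, and reproduces the MapGenericMask step a server performs on a requested mask before checking it. The PRINT_* values, the PrinterMapping contents and valid_specific are assumptions; the ACCESS_MASK layout constants are the real winnt.h values, redefined here so the code builds outside Windows.

```c
/* ACCESS_MASK bit layout as in winnt.h (real values), so this builds anywhere. */
typedef unsigned int ACCESS_MASK;
#define READ_CONTROL             0x00020000u  /* also STANDARD_RIGHTS_READ/WRITE/EXECUTE */
#define STANDARD_RIGHTS_REQUIRED 0x000F0000u
#define SYNCHRONIZE              0x00100000u
#define SPECIFIC_RIGHTS_ALL      0x0000FFFFu
#define GENERIC_READ    0x80000000u
#define GENERIC_WRITE   0x40000000u
#define GENERIC_EXECUTE 0x20000000u
#define GENERIC_ALL     0x10000000u
typedef struct { ACCESS_MASK GenericRead, GenericWrite, GenericExecute, GenericAll; } GENERIC_MAPPING;

/* Hypothetical specific rights for the print server's object types (assumed values). */
#define PRINT_ADMINISTRATE 0x0001u
#define PRINT_ENUMERATE    0x0002u
#define PRINT_USE          0x0004u
#define PRINT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \
                          PRINT_ADMINISTRATE | PRINT_ENUMERATE | PRINT_USE)

/* Assumed mapping for printer objects: GENERIC_READ lets a client list the
   queue, GENERIC_WRITE lets it submit jobs, GENERIC_ALL grants everything. */
static const GENERIC_MAPPING PrinterMapping = {
    READ_CONTROL | PRINT_ENUMERATE, READ_CONTROL | PRINT_USE,
    READ_CONTROL, PRINT_ALL_ACCESS };

/* Specific rights each object type accepts, following the table above. */
enum obj_type { OBJ_SERVER, OBJ_PRINTER, OBJ_DOCUMENT };
static const ACCESS_MASK valid_specific[] = {
    PRINT_ADMINISTRATE | PRINT_ENUMERATE,             /* server   */
    PRINT_ADMINISTRATE | PRINT_ENUMERATE | PRINT_USE, /* printer  */
    PRINT_ADMINISTRATE };                             /* document */

/* MapGenericMask semantics: swap generic bits for the type's specific rights, then clear them. */
ACCESS_MASK map_generic_mask(ACCESS_MASK mask, const GENERIC_MAPPING *m) {
    if (mask & GENERIC_READ)    mask |= m->GenericRead;
    if (mask & GENERIC_WRITE)   mask |= m->GenericWrite;
    if (mask & GENERIC_EXECUTE) mask |= m->GenericExecute;
    if (mask & GENERIC_ALL)     mask |= m->GenericAll;
    return mask & ~(GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL);
}
/* Reject a request that names a specific right this object type does not define. */
int rights_valid_for(enum obj_type t, ACCESS_MASK mask) {
    return ((mask & SPECIFIC_RIGHTS_ALL) & ~valid_specific[t]) == 0;
}
/* After mapping, does the granted mask cover every requested right? */
int access_covered(ACCESS_MASK granted, ACCESS_MASK requested, const GENERIC_MAPPING *m) {
    requested = map_generic_mask(requested, m);
    return (granted & requested) == requested;
}
```

A server would run the validity check before calling AccessCheck, so that a client cannot ask a document object for a right that only printers define.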