Authorization service on Windows systems

On Windows systems:

Principal
Is a Windows user ID, or an ID associated with an application program running on behalf of a user.
Group
Is a Windows group.

Authorizations can be granted or revoked at the principal or group level.