Implementation should include
differentiating between global groups and local groups
accounting for trust relationships
determining which system-level tasks should be restricted to administrators
documenting, publishing, and reviewing policies.