The need for managing 'objects' — computers, printers, servers, users, groups, switches — on the network caused the emergence of directory management protocols and systems. Microsoft Active Directory is the most common directory implementation in today's computing environment.
In general, the management of the directory is listed under the IT departments' responsibilities in organizations. It is regarded as the correct way as IT departments are also responsible for the security and the reliability of the information systems of the organization.
The other commonly used concept for managing objects — 'role-based security' — emerged approximately at the same time. Utilization of different organizational structures — functional operations, flat management, matrix management, etc. — instead of hierarchical organizations accelerated the use of role-based security. IT departments again were considered as the responsible unit for application of role-based security.
The directory services are installed and maintained by IT departments which is quite the natural consequence of the management requirement of computers and accounts. The management of permissions of users, groups and operational/organizational units are under the responsibilities of the organization's management. The limits and permissions of each 'object' are determined by the management of the organization. As a part of their 'maintaining' responsibility, IT departments shall apply these definitions to the systems; ideally to the directory services.
Properly maintained directory services allow unified implementation of permissions and restrictions across all software systems. Document management systems are no exception. Effective use of directory services simplifies the processes and reduces time consumed in management of permissions.