Ricoh Aficio MP 6001 SP Security Target - Page 52

Table 21: Subjects, Objects and Security Attributes b

Get Ricoh Aficio MP 6001 SP PDF manuals and user guides View all Ricoh Aficio MP 6001 SP manuals
Add to My Manuals
Save this manual to your list of manuals

Page 52 highlights

Table 19: Rules on User Jobs (a) Page 51 of 87 Subject Operation on Object Rule Governing Access Normal user Deletion of user job process When the login user name of normal user associated with the normal user process matches the login user name of normal user associated with the user job, deletion of user job is allowed for that normal user process. FDP_ACF.1.3(a) The TSF shall explicitly authorise access of subjects to objects based on the following additional rules: [assignment: rules that explicitly authorise access of subjects to objects shown in Table 20]. Table 20: Rules That Explicitly Authorise Access (a) Subject MFP administrator process MFP administrator process Operations on Object Deletion of user document Rules That Explicitly Authorise Access Allows the MFP administrator process to delete all of the stored user documents. Deletion of user job Allows the MFP administrator process to delete all user jobs. FDP_ACF.1.4(a) The TSF shall explicitly deny access of subjects to objects based on the following additional rules: [assignment: rules that deny the operations on the user documents and user jobs when logged in with login user name of supervisor]. FDP_ACF.1(b) Security attribute based access control Hierarchical to: No other components. Dependencies: FDP_ACC.1 Subset access control FMT_MSA.3 Static attribute initialisation FDP_ACF.1.1(b) The TSF shall enforce the [assignment: TOE function access control SFP] to objects based on the following: [assignment: subjects or objects, and their corresponding security attributes shown in Table 21]. Table 21: Subjects, Objects and Security Attributes (b) Category Subject or Object Security Attributes Subject Normal user process Login user name of normal user, available function list Object MFP application Function type FDP_ACF.1.2(b) The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: [assignment: operations on objects by subjects and rules governing access to operations shown in Table 22]. Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
Page 51 of
87
Table 19: Rules on User Jobs (a)
Subject
Operation on Object
Rule Governing Access
Normal
user
process
Deletion of user job
When the login user name of normal user associated with the
normal user process matches the login user name of normal
user associated with the user job, deletion of user job is
allowed for that normal user process.
FDP_ACF.1.3(a) The TSF shall explicitly authorise access of subjects to objects based on the following
additional rules:
[assignment: rules that explicitly authorise access of subjects to objects
shown in Table 20]
.
Table 20: Rules That Explicitly Authorise Access (a)
Subject
Operations on Object
Rules That Explicitly Authorise Access
MFP
administrator
process
Deletion of user document
Allows the MFP administrator process to delete all of the
stored user documents.
MFP
administrator
process
Deletion of user job
Allows the MFP administrator process to delete all user jobs.
FDP_ACF.1.4(a) The TSF shall explicitly deny access of subjects to objects based on the following additional
rules:
[assignment: rules that deny the operations on the user documents and user jobs
when logged in with login user name of supervisor]
.
FDP_ACF.1(b) Security attribute based access control
Hierarchical to:
No other components.
Dependencies:
FDP_ACC.1 Subset access control
FMT_MSA.3 Static attribute initialisation
FDP_ACF.1.1(b) The TSF shall enforce the
[assignment: TOE function access control SFP]
to objects based
on the following:
[assignment: subjects or objects, and their corresponding security
attributes shown in Table 21]
.
Table 21: Subjects, Objects and Security Attributes (b)
Category
Subject or Object
Security Attributes
Subject
Normal user process
Login user name of normal user, available function
list
Object
MFP application
Function type
FDP_ACF.1.2(b) The TSF shall enforce the following rules to determine if an operation among controlled
subjects and controlled objects is allowed:
[assignment: operations on objects by subjects
and rules governing access to operations shown in Table 22]
.
Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.