Ricoh Aficio MP 8001 sec - Page 43



Page 42 of 82
Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.

FDP_ACF.1.2 The TSF shall enforce the following rules to determine if an operation among controlled subjects and controlled objects is allowed: [assignment: rules governing subject operations on objects and access to the operations shown in Table 10].

Table 10: Rules governing access

| Subject | Operations on objects | Rules governing access |
|---|---|---|
| General user process | Storing document data | General users can store document data. When the document data is stored, the document data default ACL associated with the general user process is copied to the document data ACL associated with the document data. |
| General user process | Reading document data | A general user process has permission to read document data if the general user ID associated with the general user process matches either the document file owner ID or the document file user ID in the document data ACL associated with the document data, and if the matched ID has viewing, editing, editing/deleting, or full control permission. |
| General user process | Deleting document data | A general user process has permission to delete document data if the general user ID associated with the general user process matches either the document file owner ID or a document file user ID in the document data ACL associated with the document data, and if the matched ID has permission for editing/deleting or full control permission. |

FDP_ACF.1.3 The TSF shall explicitly authorise access of subjects to objects based on the following additional rules: [assignment: rules that explicitly grant subject's operations on objects shown in Table 11].

Table 11: Rules governing access explicitly

| Subject | Operations on object | Rules governing access |
|---|---|---|
| Administrator process | Deleting document data | When the file administrator is included in administrator roles that are associated with administrator process, the administrator process has permission to delete all document data stored in the D-BOX. |

FDP_ACF.1.4 The TSF shall explicitly deny access of subjects to objects based on the [assignment: no rules, based on security attributes that explicitly deny access of subjects to objects].
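
The rules of FDP_ACF.1.2 and FDP_ACF.1.3 (Tables 10 and 11) written out as an access decision function. This is an added example, not code from the security target or from Ricoh. The class names, the ACL layout (an owner ID plus an ID-to-permission map), the permission strings, and refusing any operation that no rule on this page grants are assumptions.

```python
import copy
from dataclasses import dataclass, field

# Permission names as listed in Table 10; the string encoding is an assumption.
READ_PERMS = {"viewing", "editing", "editing/deleting", "full control"}
DELETE_PERMS = {"editing/deleting", "full control"}

@dataclass
class Acl:
    owner_id: str   # document file owner ID
    entries: dict   # owner or user ID -> permission (hypothetical layout)

@dataclass
class GeneralUserProcess:
    user_id: str
    default_acl: Acl

@dataclass
class AdministratorProcess:
    roles: set = field(default_factory=set)

class DBox:
    """Hypothetical in-memory stand-in for the D-BOX document store."""
    def __init__(self):
        self.docs = {}  # document name -> (data, Acl)

    def store(self, proc, name, data):
        # Table 10, storing: the default ACL is copied to the document,
        # so later edits to the default ACL do not change stored documents.
        self.docs[name] = (data, copy.deepcopy(proc.default_acl))

    def _matched_perm(self, proc, name):
        acl = self.docs[name][1]
        # The process ID must match the owner ID or a user ID in the ACL.
        if proc.user_id == acl.owner_id or proc.user_id in acl.entries:
            return acl.entries.get(proc.user_id)
        return None

    def can_read(self, proc, name):
        # Only the general user read rule of Table 10 exists on this page.
        if not isinstance(proc, GeneralUserProcess):
            return False
        return self._matched_perm(proc, name) in READ_PERMS

    def can_delete(self, proc, name):
        # Table 11: explicit grant for the file administrator role.
        if isinstance(proc, AdministratorProcess):
            return "file administrator" in proc.roles
        if isinstance(proc, GeneralUserProcess):
            return self._matched_perm(proc, name) in DELETE_PERMS
        return False
```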

FDP_IFC.1 Subset information flow control

Hierarchical to: No other components.
Dependencies: FDP_IFF.1 Simple security attributes.

FDP_IFC.1.1 The TSF shall enforce the [assignment: telephone line information flow SFP] on