Ricoh Aficio MP C3001 Security Target - Page 57

Document data +CPY Document data +DSR Read Delete Document data +DSR Read User jobs No setting of document data attribute Delete Page 56 of 93 Normal user process Normal user process Normal user process Normal user process Not allowed. However, it is allowed for normal user process that created the document data. Not allowed. However, it is allowed for normal user process with login user name of normal user registered on document user list for document data. Not allowed. However, it is allowed for normal user process with login user name of normal user registered on document user list for document data. Not allowed. However, it is allowed for normal user process with login user name of normal user, which is the security attribute of user jobs. FDP_ACF.1.3(a) The TSF shall explicitly authorise access of subjects to objects based on the following additional rules: [assignment: rules to control operations among subjects and objects shown in Table 19]. Table 19 : Additional Rules to Control Operations on Document Data and User Jobs (a) Objects Document data Document data Document data User jobs Document Data Attributes +PRT +FAXIN +DSR No setting of document data attribute Operations Delete Delete Delete Delete Subjects MFP administrator process MFP administrator process MFP administrator process MFP administrator process Rules to control Operations Allows. Allows. Allows. Allows. FDP_ACF.1.4(a) The TSF shall explicitly deny access of subjects to objects based on the following additional rules: [assignment: deny the operations on the document data and user jobs in case of supervisor process or RC Gate process]. FDP_ACF.1(b) Security attribute-based access control Hierarchical to: No other components. Dependencies: FDP_ACC.1 Subset access control FMT_MSA.3 Static attribute initialisation Copyright (c) 2011 RICOH COMPANY, LTD. All rights reserved.