Ricoh Aficio MP 2851 Security Target - Page 22

Security Management Function - address book



Page 22 of 81
Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.
Security Management Function
This function allows administrators, supervisors, and general users who have been successfully authenticated
by the previously described "Identification and Authentication Function" to perform the following operations
for security management according to user role.
1. Management of document data ACL
Allows only specified users to modify the document data ACL. Modifying the document data ACL includes changing document file owners, registering new document file users for the document data ACL, deleting document file users previously registered for document data ACL, and changing operation permissions specified in document data. Only file administrators can change the document file owners. File administrators, document file owners, and document file users with full control permissions can perform other operations. When document data is stored, its document data ACL is set to the document data default ACL.
2. Management of administrator information
Allows specified users to register and delete administrators, to add and delete administrator roles, and change administrator IDs and passwords.
Only administrators are allowed to register another administrator or add an administrator role to another administrator. Such administrators can delete an administrator or an administrator role, and change an administrator's ID. Administrators and supervisors can change administrator passwords. An Administrator is permitted to add an Administrator Role to another Administrator, provided that the first Administrator is already assigned that Administrator Role, and an Administrator is permitted to delete one of his/her Administrator Roles, provided that at least one other Administrator is assigned that Administrator Role.
Since administrators are required to have at least one administrator role, one or more of their roles must be given to a new administrator when they register another administrator. If administrators delete all of their own administrator roles, their administrator information will be automatically deleted.
3. Management of general user information
Allows only users with specified user roles to newly create, change, and delete general user information. The relationship between user roles and authorised operations is:
- User administrators can newly create, change, and delete general user information.
- General users can change their own general user information that is registered to them in the Address Book, with the exception of their user IDs.
4. Management of supervisor information
Supervisors can change their supervisor ID and password.
5. Management of machine control data
Each administrator is allowed to configure the items of machine control data that correspond to their administrator role (machine administrator, user administrator, or file administrator).
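
The administrator-role rules in item 2 can be checked as a small state model. The following is an added example, not part of the Security Target or of Ricoh's implementation; the class, method and role-key names are hypothetical, and it covers only the register, add-role and delete-own-role rules stated above.

```python
# Added illustration: a model of the administrator-role rules in item 2.
# Class and method names are hypothetical, not the MFP's interface.
ROLES = {"machine", "user", "file"}  # administrator roles named in item 5


class RoleError(Exception):
    """Raised when a requested change breaks one of the stated rules."""


class AdminRegistry:
    def __init__(self, initial):
        # initial: {admin_id: set of roles}; every admin needs at least one role
        if any(not r or not r <= ROLES for r in initial.values()):
            raise RoleError("each administrator needs one or more valid roles")
        self.admins = {a: set(r) for a, r in initial.items()}

    def _roles_of(self, actor):
        if actor not in self.admins:
            raise RoleError(f"{actor} is not a registered administrator")
        return self.admins[actor]

    def register(self, actor, new_id, roles):
        # A new administrator must receive one or more of the actor's own roles.
        roles = set(roles)
        if new_id in self.admins:
            raise RoleError(f"{new_id} already exists")
        if not roles or not roles <= self._roles_of(actor):
            raise RoleError("must hand over one or more of the actor's own roles")
        self.admins[new_id] = roles

    def add_role(self, actor, target, role):
        # Only a holder of the role may add it to another administrator.
        if role not in self._roles_of(actor):
            raise RoleError(f"{actor} does not hold role {role!r}")
        self._roles_of(target).add(role)

    def delete_own_role(self, actor, role):
        # Allowed only if at least one other administrator holds the same role.
        own = self._roles_of(actor)
        if role not in own:
            raise RoleError(f"{actor} does not hold role {role!r}")
        if not any(role in r for a, r in self.admins.items() if a != actor):
            raise RoleError(f"{actor} is the last holder of role {role!r}")
        own.discard(role)
        if not own:  # no roles left: the administrator record is deleted
            del self.admins[actor]

    def uncovered_roles(self):
        # Roles no administrator holds; self-deletion alone cannot add to this set.
        return ROLES - set().union(*self.admins.values())
```

In this model a sole administrator cannot drop any role until another administrator has been registered with it, which is the lock-out case the two "provided that" conditions guard against.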