Ricoh Aficio MP 2851 Security Target - Page 45


Page 45 of 81
Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.

administrator IDs, administrator roles and supervisor ID].

FIA_USB.1.2 The TSF shall enforce the following rules on the initial association of user security attributes with subjects acting on the behalf of users: [assignment: rules for the initial association of attributes listed in Table 15].

Table 15: Rules for initial association of attributes

| Users | Subjects | Security attributes of users |
|---|---|---|
| General user | General user process | General user ID, Document data default ACL |
| Administrator | Administrator process | Administrator ID, Administrator roles |
| Supervisor | Supervisor process | Supervisor ID |

FIA_USB.1.3 The TSF shall enforce the following rules governing changes to the user security attributes associated with subjects acting on the behalf of users: [assignment: administrators can add their own assigned administrator roles to other administrators, and can delete their own administrator roles. However, the administrator cannot delete the assigned administrator role if that role is assigned to no other administrators].
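
One way to enforce the FIA_USB.1.3 rules above in code, as an added example that is not part of the Security Target or of Ricoh's implementation. The class and function names and the administrator IDs admin1/admin2 are assumptions, as is the premise that role changes can arrive concurrently (hence the lock).

```python
import threading

class RoleChangeDenied(Exception):
    """A requested change would violate the FIA_USB.1.3 rules."""

class AdminRoleTable:
    def __init__(self, assignments):
        self._roles = {a: set(r) for a, r in assignments.items()}
        # Check-then-update must be atomic across concurrent role changes.
        self._lock = threading.Lock()

    def holders(self, role):
        return {a for a, r in self._roles.items() if role in r}

    def _require_own_role(self, actor, role):
        if role not in self._roles.get(actor, ()):
            raise RoleChangeDenied(f"{actor} does not hold '{role}'")

    def add_role(self, actor, target, role):
        with self._lock:
            self._require_own_role(actor, role)
            if target == actor or target not in self._roles:
                raise RoleChangeDenied(f"{target} is not another administrator")
            self._roles[target].add(role)

    def delete_own_role(self, actor, role):
        # No target parameter: an administrator can only delete its own role.
        with self._lock:
            self._require_own_role(actor, role)
            if self.holders(role) == {actor}:
                raise RoleChangeDenied(f"'{role}' would have no administrator")
            self._roles[actor].discard(role)

def attempt(change, *args):
    try:
        change(*args)
        return "ok"
    except RoleChangeDenied:
        return "denied"

def demo():
    role = "user administrator"  # role name from Table 16; admin IDs are constructed
    table = AdminRoleTable({"admin1": {role}, "admin2": set()})
    return [
        attempt(table.delete_own_role, "admin1", role),     # sole holder
        attempt(table.add_role, "admin2", "admin1", role),  # not admin2's own role
        attempt(table.add_role, "admin1", "admin2", role),
        attempt(table.delete_own_role, "admin1", role),     # admin2 still holds it
    ], table.holders(role)
```
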

6.1.5 Class FMT: Security management

FMT_MSA.1 Management of security attributes

Hierarchical to: No other components.

Dependencies: [FDP_ACC.1 Subset access control, or FDP_IFC.1 Subset information flow control]
              FMT_SMR.1 Security roles
              FMT_SMF.1 Specification of Management Functions

FMT_MSA.1.1 The TSF shall enforce the [assignment: MFP access control SFP] to restrict the ability to [selection: query, modify, delete, [assignment: newly create, change, add]] the security attributes [assignment: security attributes in Table 16] to [assignment: users/roles in Table 16].

Table 16: Management roles of security attributes

| Security attributes | Operations | User roles |
|---|---|---|
| General user IDs (a data item of general user information) | Query, newly create, delete | - User administrator |