Ricoh Aficio MP 2851 Security Target - Page 70
File Administrator Operations on Document Data, SF.SEC_MNG, Security Management Function, 1.4
View all Ricoh Aficio MP 2851 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 70 highlights
Page 70 of 81 7.1.3.2 File Administrator Operations on Document Data If the logged-in user from the Operation Panel or Web Service Function is a file administrator, the TOE allows that user to display a list of document data and to delete the document data in the list individually or all at once. By the above, FDP_ACC.1 (Subset access control) and FDP_ACF.1 (Security attributebased access control) are satisfied. 7.1.4 SF.SEC_MNG Security Management Function The TOE provides Security Management Functions according to the roles assigned to users who have been successfully identified and authenticated using the SF.I&A User Identification and Authentication Function". Following are explanations of each functional item in "SF.SEC_MNG Security M anagement Function" and their corresponding security functional requirements. 7.1.4.1 Management of Document Data ACL Management of the document data ACL allows operations on the document data ACL from the Operation Panel or Web Service Function to be restricted to specified users only. Operations on the document data ACL include changing the document file owner and the document file owner's operation permissions for the document data, newly registering and deleting document file users, and changing document file users' operation permissions for the document data. These operations can be performed only by specified users who have been authorised for each operation. Table 29 shows the relationship between operations on the document data ACL and the users authorised for the operations. Table 29: O perations on document data ACL andAuthorised users Operations on document data ACL Changing of document file owners Changing of Document file owners' operation permissions for document data Registration of new document file users Deletion of document file users Changing of document file users' operation permissions for document data Authorised users - File administrators - File administrators - Document file owners - General users with full control authorisation - File administrators - Document file owners - General users with full control authorisation - File administrators - Document file owners - General users with full control authorisation - File administrators - Document file owners - General users with full control authorisation If the logged-in user is a file administrator, the TOE allows that user to perform operations on all document data ACLs, including changing document file owners and their access rights, and newly registering and deleting document file users and changing their access rights. Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.