Ricoh Aficio MP 2851 Security Target - Page 70

File Administrator Operations on Document Data, SF.SEC_MNG, Security Management Function, 1.4

Get Ricoh Aficio MP 2851 PDF manuals and user guides View all Ricoh Aficio MP 2851 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 70 highlights

Page 70 of 81 7.1.3.2 File Administrator Operations on Document Data If the logged-in user from the Operation Panel or Web Service Function is a file administrator, the TOE allows that user to display a list of document data and to delete the document data in the list individually or all at once. By the above, FDP_ACC.1 (Subset access control) and FDP_ACF.1 (Security attributebased access control) are satisfied. 7.1.4 SF.SEC_MNG Security Management Function The TOE provides Security Management Functions according to the roles assigned to users who have been successfully identified and authenticated using the SF.I&A User Identification and Authentication Function". Following are explanations of each functional item in "SF.SEC_MNG Security M anagement Function" and their corresponding security functional requirements. 7.1.4.1 Management of Document Data ACL Management of the document data ACL allows operations on the document data ACL from the Operation Panel or Web Service Function to be restricted to specified users only. Operations on the document data ACL include changing the document file owner and the document file owner's operation permissions for the document data, newly registering and deleting document file users, and changing document file users' operation permissions for the document data. These operations can be performed only by specified users who have been authorised for each operation. Table 29 shows the relationship between operations on the document data ACL and the users authorised for the operations. Table 29: O perations on document data ACL andAuthorised users Operations on document data ACL Changing of document file owners Changing of Document file owners' operation permissions for document data Registration of new document file users Deletion of document file users Changing of document file users' operation permissions for document data Authorised users - File administrators - File administrators - Document file owners - General users with full control authorisation - File administrators - Document file owners - General users with full control authorisation - File administrators - Document file owners - General users with full control authorisation - File administrators - Document file owners - General users with full control authorisation If the logged-in user is a file administrator, the TOE allows that user to perform operations on all document data ACLs, including changing document file owners and their access rights, and newly registering and deleting document file users and changing their access rights. Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
Page 70 of 81
Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.
7.1.3.2
File Administrator Operations on Document Data
If the logged-in user from the Operation Panel or Web Service Function is a file administrator, the TOE
allows that user to display a list of document data and to delete the document data in the list individually or
all at once.
By the above, FDP_ACC.1 (Subset access control) and FDP_ACF.1 (Security attributebased access control)
are satisfied.
7.1.4
SF.SEC_MNG
Security Management Function
The TOE provides Security Management Functions according to the roles assigned to users who have been
successfully identified
and authenticated using the SF.I&A
User Identification and
Authentication Function". Following are explanations of each functional item in "SF.SEC_MNG
Security Management Function" and their corresponding security functional requirements.
7.1.4.1
Management of Document Data ACL
Management of the document data ACL allows operations on the document data ACL from the Operation
Panel or Web Service Function to be restricted to specified users only. Operations on the document data
ACL include changing the document file owner and the document file owner's operation permissions for the
document data, newly registering and deleting document file users, and changing document file users
'
operation permissions for the document data. These operations can be performed only by specified users who
have been authorised for each operation. Table 29 shows the relationship between operations on the
document data ACL and the users authorised for the operations.
Table 29: Operations on document data ACL and Authorised users
Operations on document data ACL
Authorised users
Changing of document file owners
- File administrators
Changing of Document file owners' operation
permissions for document data
- File administrators
- Document file owners
- General users with full control authorisation
Registration of new document file users
- File administrators
- Document file owners
- General users with full control authorisation
Deletion of document file users
- File administrators
- Document file owners
- General users with full control authorisation
Changing of document file users' operation
permissions for document data
- File administrators
- Document file owners
- General users with full control authorisation
If the logged-in user is a file administrator, the TOE allows that user to perform operations on all document
data ACLs, including changing document file owners and their access rights, and newly registering and
deleting document file users and changing their access rights.