Ricoh Aficio MP 3350B Security Target - Page 24

When Document Data is stored, its Document Data ACL is set to the Document Data Default

Get Ricoh Aficio MP 3350B PDF manuals and user guides View all Ricoh Aficio MP 3350B manuals
Add to My Manuals
Save this manual to your list of manuals

Page 24 highlights

Page 24 of 83 And the Network Administrator decides the communication protocol to use according to the environment where the TOE is placed and the intended purpose of the TOE. 1. Download Document Data using the Web Service Function from a client PC: SSL protocol. 2. Print or fax from a client PC: SSL protocol. 3. Deliver Document Data to an FTP server or SMB server from the TOE: IPSec protocol. 4. Send Document Data attached to e-mail to a client PC from the TOE: S/MIME. Security Management Function The Security Management Function is used to allow the Administrators, Supervisor and General Users, who are successfully authenticated with "Identification and Authentication Function", which is also one of the security functions and described previously, to perform the following operations for Security Management corresponding to their user roles. 1. Management of the Document Data ACL Management of the Document Data ACL is used to allow only specific users to modify the Document Data ACL. Modifying the Document Data ACL includes changing Document File Owners, newly registering Document File Users for the Document Data ACL, deleting Document File Users who were previously registered for the Document Data ACL, and changing operation permissions on Document Data. Among these, only the File Administrator is allowed to change the Document File Owners. The File Administrator, Document File Owners, and Document File Users who have full control permissions on Document Data are allowed to perform other operations. When Document Data is stored, its Document Data ACL is set to the Document Data Default ACL. 2. Management of Administrator Information Management of Administrator Information is used to allow the specific users to register and delete Administrators, to add and delete Administrator Roles, and to change Administrator IDs and passwords. Only Administrators are allowed to register another Administrator and to add an Administrator Role to another Administrator. The applicable Administrator is allowed to delete the Administrator and Administrator Role and to change Administrator ID. The applicable Administrator and Supervisor are allowed to change Administrator passwords. And an Administrator is allowed to add an Administrator Role, and to delete his/her own Administrator Roles, provided that all such Administrator Roles are already assigned to other Administrators. Since Administrators are required to have one or more Administrator Roles, it is necessary to give (add) one or more roles of their own Administrator Roles to the new Administrator when they register other Administrators. In addition, if Administrators delete all the Administrator Roles of their own, their Administrator Information will be automatically deleted. 3. Management of General User Information Management of General User Information is used to allow only specific user roles to newly create, change and delete General User Information. The relation between user roles and authorised operations is: - The User Administrator is allowed to newly create, change and delete General User Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
Page 24 of 83
And the Network Administrator decides the communication protocol to use according to the environment
where the TOE is placed and the intended purpose of the TOE.
1.
Download Document Data using the Web Service Function from a client PC: SSL protocol.
2.
Print or fax from a client PC: SSL protocol.
3.
Deliver Document Data to an FTP server or SMB server from the TOE: IPSec protocol.
4.
Send Document Data attached to e-mail to a client PC from the TOE: S/MIME.
Security Management Function
The Security Management Function is used to allow the Administrators, Supervisor and General Users, who
are successfully authenticated with "Identification and Authentication Function", which is also one of the
security functions and described previously, to perform the following operations for Security Management
corresponding to their user roles.
1.
Management of the Document Data ACL
Management of the Document Data ACL is used to allow only specific users to modify the
Document Data ACL. Modifying the Document Data ACL includes changing Document File
Owners, newly registering Document File Users for the Document Data ACL, deleting Document
File Users who were previously registered for the Document Data ACL, and changing operation
permissions on Document Data. Among these, only the File Administrator is allowed to change
the Document File Owners. The File Administrator, Document File Owners, and Document File
Users who have full control permissions on Document Data are allowed to perform other
operations.
When Document Data is stored, its Document Data ACL is set to the Document Data Default
ACL.
2.
Management of Administrator Information
Management of Administrator Information is used to allow the specific users to register and delete
Administrators, to add and delete Administrator Roles, and to change Administrator IDs and
passwords.
Only Administrators are allowed to register another Administrator and to add an Administrator
Role to another Administrator. The applicable Administrator is allowed to delete the Administrator
and Administrator Role and to change Administrator ID. The applicable Administrator and
Supervisor are allowed to change Administrator passwords. And an Administrator is allowed to
add an Administrator Role, and to delete his/her own Administrator Roles, provided that all such
Administrator Roles are already assigned to other Administrators.
Since Administrators are required to have one or more Administrator Roles, it is necessary to give
(add) one or more roles of their own Administrator Roles to the new Administrator when they
register other Administrators. In addition, if Administrators delete all the Administrator Roles of
their own, their Administrator Information will be automatically deleted.
3.
Management of General User Information
Management of General User Information is used to allow only specific user roles to newly create,
change and delete General User Information. The relation between user roles and authorised
operations is:
-
The User Administrator is allowed to newly create, change and delete General User
Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.