Ricoh Aficio MP 3350B Security Target - Page 43



Page 43 of 83
Table 10: Rules Governing Access

| Subject | Operations on objects | Rules governing access |
|---|---|---|
| General User process | Storing Document Data | General Users can store the Document Data. The Document Data Default ACL associated with General User process is copied to the Document Data ACL associated with the storing Document Data when storing the Document Data. |
| General User process | Reading Document Data | When General User ID, associated with General User process, matches either Document File Owner ID or a Document File User ID in the Document Data ACL, associated with the Document Data, and also the matched ID has permission for viewing, editing, editing/deleting or full control, the General User process is allowed to read the Document Data. |
| General User process | Editing Document Data | When General User ID, associated with General User process, matches either the Document File Owner ID or a Document File User ID in the Document Data ACL, associated with the Document Data, and also when the matched ID has permission for editing, editing/deleting or full control, the General User process is allowed to register the editing of Print Settings for the Document Data. |
| General User process | Deleting Document Data | When General User ID, associated with General User process, matches either the Document File Owner ID or a Document File User ID in the Document Data ACL, associated with the Document Data, and also when the matched ID has permission for editing/deleting or full control, the General User process is allowed to delete the Document Data. |

FDP_ACF.1.3 The TSF shall explicitly authorise access of subjects to objects based on the following additional rules: [assignment: rules that explicitly grant subject's operations on objects shown in Table 11].

Table 11: Rules Governing Access Explicitly

| Subject | Operations on object | Rules governing access |
|---|---|---|
| Administrator process | Deleting the Document Data | When the File Administrator is included in Administrator Roles that are associated with Administrator process, the Administrator process is allowed to delete all Document Data stored in D-BOX. |

FDP_ACF.1.4 The TSF shall explicitly deny access of subjects to objects based on the [assignment: no rules, based on security attributes, that explicitly deny access of subjects to objects].
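
The rules in Table 10, Table 11 and FDP_ACF.1.4 can be read as one access decision function. The Python sketch below is an added example, not code from the Security Target or from Ricoh; the class names, the ACL layout (owner ID plus a per-ID permission map) and the refusal of anything the rules do not grant are assumptions.

```python
from dataclasses import dataclass, field

# Operation -> permissions that allow it, as listed in Table 10.
ALLOWED = {
    "read":   {"viewing", "editing", "editing/deleting", "full control"},
    "edit":   {"editing", "editing/deleting", "full control"},
    "delete": {"editing/deleting", "full control"},
}

@dataclass
class Acl:
    # Assumed layout: the owner ID plus one permission per listed ID
    # (owner included). The page does not define the storage format.
    owner_id: str
    entries: dict = field(default_factory=dict)

@dataclass
class Subject:
    kind: str                       # "general_user" or "administrator"
    user_id: str = ""
    roles: frozenset = frozenset()
    default_acl: Acl = None

def store(subject):
    """Storing: the subject's Default ACL is copied to the new document."""
    if subject.kind != "general_user":
        return None
    src = subject.default_acl
    return Acl(src.owner_id, dict(src.entries))  # a copy, not a shared reference

def is_allowed(subject, operation, acl):
    # FDP_ACF.1.3 (Table 11): a File Administrator may delete any document.
    if (subject.kind == "administrator" and operation == "delete"
            and "File Administrator" in subject.roles):
        return True
    # FDP_ACF.1.2 (Table 10): the ID must match and hold a sufficient permission.
    if subject.kind == "general_user" and operation in ALLOWED:
        matched = subject.user_id == acl.owner_id or subject.user_id in acl.entries
        return matched and acl.entries.get(subject.user_id) in ALLOWED[operation]
    # FDP_ACF.1.4 defines no explicit deny rules; this sketch (assumption)
    # refuses whatever the rules above do not grant.
    return False

if __name__ == "__main__":
    # Constructed sample data: owner "alice", reader "bob".
    alice = Subject("general_user", "alice",
                    default_acl=Acl("alice", {"alice": "full control", "bob": "viewing"}))
    doc = store(alice)
    print(is_allowed(Subject("general_user", "bob"), "read", doc))
```

Only the rules visible on this page are modelled, so the Administrator process is granted deletion and nothing else.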

FDP_IFC.1 Subset information flow control

Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.