Ricoh Aficio MP 3350B Security Target - Page 43
Document File User ID in the Document Data ACL
View all Ricoh Aficio MP 3350B manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 43 highlights
Table 10: Rules Governing Access Page 43 of 83 Subject General User process Operations on objects Storing Document Data Reading Document Data Editing Document Data Deleting Document Data Rules governing access General Users can store the Document Data. The Document Data Default ACL associated with General User process is copied to the Document Data ACL associated with the storing Document Data when storing the Document Data. When General User ID, associated with General User process, matches either Document File Owner ID or a Document File User ID in the Document Data ACL, associated with the Document Data, and also the matched ID has permission for viewing, editing, editing/deleting or full control, the General User process is allowed to read the Document Data. When General User ID, associated with General User process, matches either the Document File Owner ID or a Document File User ID in the Document Data ACL, associated with the Document Data, and also when the matched ID has permission for editing, editing/deleting or full control, the General User process is allowed to register the editing of Print Settings for the Document Data. When General User ID, associated with General User process, matches either the Document File Owner ID or a Document File User ID in the Document Data ACL, associated with the Document Data, and also when the matched ID has permission for editing/deleting or full control, the General User process is allowed to delete the Document Data. FDP_ACF.1.3 The TSF shall explicitly authorise access of subjects to objects based on the following additional rules: [assignment: rules that explicitly grant subject's operations on objects shown in Table 11]. Table 11: Rules Governing Access Explicitly Subject Administrator process Operations on object Deleting the Document Data Rules governing access When the File Administrator is included in Administrator Roles that are associated with Administrator process, the Administrator process is allowed to delete all Document Data stored in D-BOX. FDP_ACF.1.4 The TSF shall explicitly deny access of subjects to objects based on the [assignment: no rules, based on security attributes, that explicitly deny access of subjects to objects]. FDP_IFC.1 Subset information flow control Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.