Ricoh Aficio MP 3350B Security Target - Page 73

Management of Administrator Information

Get Ricoh Aficio MP 3350B PDF manuals and user guides View all Ricoh Aficio MP 3350B manuals
Add to My Manuals
Save this manual to your list of manuals

Page 73 highlights

Delete the Document File Users Change the operation permission on Document Data of Document File Users Page 73 of 83 - Document File Owners - General Users with full control authorisation - File Administrator - Document File Owners - General Users with full control authorisation - File Administrator - Document File Owners - General Users with full control authorisation If the login user is the File Administrator, the TOE allows the File Administrator to perform the operations on all Document Data ACLs including changing Document File Owners and the access rights of the Document File Owners, newly registering Document File Users, deleting Document File Users, and changing the access rights of Document File Users. If the login user is a General User, it allows the General User to perform the operations only on the Document Data ACL for which the General User is set as the full control authorised user, including changing the operation permission on Document Data of the Document File Owners, newly registering Document File Users, deleting Document File Users, and changing the operation permission on Document Data of Document File Users. However, even if the full control authorisation is not set for Document File Owners, Document File Owners are allowed to perform the operations on the Document Data ACL of the Document Data owned by the Document File Owners, including changing the operation permission on Document Data of the Document File Owners, newly registering and delete Document File Users, and changing the operation permission on Document Data of Document File Users. From the above, FMT_MSA.1 (Management of security attributes), FMT_MSA.3 (Static attribute initialisation) and FMT_SMF.1 (Specification of Management Functions) are accomplished. 7.1.4.2 Management of Administrator Information Management of Administrator Information allows only specific users to perform operations on Administrator Information from the Operation Panel or Web Service Function. Administrator Information includes Administrator IDs, Administrator Authentication Information, and Administrator Roles. The operations on Administrator Information include newly creating, querying and changing Administrator IDs, changing Administrator Authentication Information, querying, adding and deleting Administrator Roles. The users who are authorised to perform each of these operations are specified. Table 31 shows the relation between the operations on Administrator Information and the authorised users for the operations on Administrator Information. Table 31: Access to Administrator Information Operations on Administrator Information Newly create Administrator IDs Change Administrator IDs Query Administrator IDs Change Administrator Authorised operators Administrators The Administrator themselves The Administrator themselves, Supervisor The Administrator themselves, Supervisor Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
Page 73 of 83
- Document File Owners
- General Users with full control authorisation
Delete the Document File Users
- File Administrator
- Document File Owners
- General Users with full control authorisation
Change the operation permission on Document
Data of Document File Users
- File Administrator
- Document File Owners
- General Users with full control authorisation
If the login user is the File Administrator, the TOE allows the File Administrator to perform the operations
on all Document Data ACLs including changing Document File Owners and the access rights of the
Document File Owners, newly registering Document File Users, deleting Document File Users, and
changing the access rights of Document File Users.
If the login user is a General User, it allows the General User to perform the operations only on the
Document Data ACL for which the General User is set as the full control authorised user, including changing
the operation permission on Document Data of the Document File Owners, newly registering Document File
Users, deleting Document File Users, and changing the operation permission on Document Data of
Document File Users. However, even if the full control authorisation is not set for Document File Owners,
Document File Owners are allowed to perform the operations on the Document Data ACL of the Document
Data owned by the Document File Owners, including changing the operation permission on Document Data
of the Document File Owners, newly registering and delete Document File Users, and changing the operation
permission on Document Data of Document File Users.
From the above, FMT_MSA.1 (Management of security attributes), FMT_MSA.3 (Static attribute
initialisation) and FMT_SMF.1 (Specification of Management Functions) are accomplished.
7.1.4.2
Management of Administrator Information
Management of Administrator Information allows only specific users to perform operations on Administrator
Information from the Operation Panel or Web Service Function.
Administrator Information includes Administrator IDs, Administrator Authentication Information, and
Administrator Roles. The operations on Administrator Information include newly creating, querying and
changing Administrator IDs, changing Administrator Authentication Information, querying, adding and
deleting Administrator Roles. The users who are authorised to perform each of these operations are specified.
Table 31 shows the relation between the operations on Administrator Information and the authorised users
for the operations on Administrator Information.
Table 31: Access to Administrator Information
Operations on Administrator
Information
Authorised operators
Newly create Administrator IDs
Administrators
Change Administrator IDs
The Administrator themselves
Query Administrator IDs
The Administrator themselves, Supervisor
Change
Administrator
The Administrator themselves, Supervisor
Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.