Ricoh Aficio MP C2800 Security Target - Page 21

Page 21 of 80 document data ACL, deleting document file users previously registered for document data ACL, and changing operation permissions specified in document data. Only file administrators can change the document file owners. File administrators, document file owners, and document file users with full control permissions can perform other operations. When document data is stored, its document data ACL is set to the document data default ACL. 2. Management of administrator information Allows specified users to register and delete administrators, to add and delete administrator roles, and change administrator IDs and passwords. Only administrators are allowed to register another administrator or add an administrator role to another administrator. Such administrators can delete an administrator or an administrator role, and change an administrator's ID. Administrators and supervisor can change administrator passwords. An a dministrator is permitted to add ana dministrator role to another administrator, provided that the first administrator is already assigned thata dministrator role, and an a dministrator is permitted to delete one of his/her a dministrator roles, provided that at least one other a dministrator is assigned thata dministrator role. Since administrators are required to have at least one administrator role, one or more of their roles must be given to a new administrator when they register another administrator. If administrators delete all of their own administrator roles, their administrator information will be automatically deleted. 3. Management of general user information Allows only users with specified user roles to newly create, change, and delete general user information. The relationship between user roles and authorised operations is: - User administrators can newly create, change, and delete general user information. - General users can change their own general user information that is registered to them in the Address Book, with the exception of their user IDs. 4. Management of supervisor information Superv isor can change their supervisor ID and password. 5. Management of machine control data Each administrator is allowed to configure the items of machine control data that correspond to their administrator role (machine administrator, user administrator, or andfile administrator). Service Mode Lock Function The Maintenance Function is used by CEs who receive a request from the machine administrator to perform maintenance on the TOE from the Operation Panel. The Service Mode Lock Function prevents the Maintenance Function being used. In this evaluation, the Service Mode Lock Function set to "On". Telephone Line Intrusion Protection Function This function is for devices equipped with a Fax Unit. It restricts communication over a telephone line to the TOE, so thatthe TOE receives only permitted data. Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.