Ricoh Aficio MP C2800 Security Target - Page 40

Table 10, Table 11 - lines on copies

Get Ricoh Aficio MP C2800 PDF manuals and user guides View all Ricoh Aficio MP C2800 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 40 highlights

Table 9: Rules governing access Page 40 of 80 Subject General user process Operations on objects Storing document data Reading document data Deleting document data Rules governing access General users can store document data. When the document data is stored, the document data default ACL associated with the general user process is copied to the document data ACL associated with the document data. A general user process has permission to read document data if the general user ID associated with the general user process matches either the document file owner ID or the document file user ID in the document data ACL associated with the document data, and if the matched ID has viewing, editing, editing/deleting, or full control permission. A general user process has permission to delete document data if the general user ID associated with the general user process matches either the document file owner ID or a document file user ID in the document data ACL associated with the document data, and if the matched ID has permission for editing/deleting or full control permission. FDP_ACF.1.3 The TSF shall explicitly authorise access of subjects to objects based on the following additional rules: [assignment: rules that explicitly grant subject's operations on objects shown inTable 10 Table 10: Rules governing access explicitly Subject Administrator process Operations on object Deleting document data Rules governing access When the file administrator is included in administrator roles that are associated with administrator process, the administrator process has permission to delete all document data stored in the D-BOX. FDP_ACF.1.4 The TSF shall explicitly deny access of subjects to objects based on the [assignment: no rules, based on security attributes that explicitly deny access of subjects to objects]. FDP_IFC.1 Subset information flow control Hierarchical to: No other components. Dependencies: FDP_IFF.1 Simple security attributes. FDP_IFC.1.1 The TSF shall enforce the [assignment: telephone line information flow SFP] on [assignment: subjects, information, and an operation listed inTable 11 Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
Page 40 of 80
Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.
Table 9: Rules governing access
Subject
Operations on objects
Rules governing access
Storing document data
General users can store document data. When the document
data is stored, the document data default ACL associated with
the general user process is copied to the document data ACL
associated with the document data.
Reading document data
A general user process has permission to read document data
if the general user ID associated with the general user process
matches either the document file owner ID or the document
file user ID in the document data ACL associated with the
document data, and if the matched ID has viewing, editing,
editing/deleting, or full control permission.
General
user
process
Deleting document data
A general user process has permission to delete document
data if the general user ID associated with the general user
process matches either the document file owner ID or a
document file user ID in the document data ACL associated
with the document data, and if the matched ID has permission
for editing/deleting or full control permission.
FDP_ACF.1.3 The TSF shall explicitly authorise access of subjects to objects based on the following
additional rules:
[assignment: rules that explicitly grant subject's operations on objects
shown in
Table 10
].
Table 10: Rules governing access explicitly
Subject
Operations on object
Rules governing access
Administrator
process
Deleting document data
When the file administrator is included in administrator roles
that are associated with administrator process, the
administrator process has permission to delete all document
data stored in the D-BOX.
FDP_ACF.1.4
The TSF shall explicitly deny access of subjects to objects based on the
[assignment: no
rules, based on security attributes that explicitly deny access of subjects to objects]
.
FDP_IFC.1
Subset information flow control
Hierarchical to:
No other components.
Dependencies:
FDP_IFF.1 Simple security attributes.
FDP_IFC.1.1
The TSF shall enforce the
[assignment: telephone line information flow SFP] on
[assignment: subjects, information, and an operation listed in
Table 11
]
.