Ricoh Aficio MP C2800 Security Target - Page 68

SF.DOC_ACC, Document Data Access Control Function, 1.3.1, General User Operations on Document Data

Get Ricoh Aficio MP C2800 PDF manuals and user guides View all Ricoh Aficio MP C2800 manuals
Add to My Manuals
Save this manual to your list of manuals

Page 68 highlights

Page 68 of 80 (2) Registerable password length: General users No fewer than the Minimum Password Length specified by the user administrator (8-32 characters) and no more than 128 characters. Administrators and supervisor No fewer than the Minimum Password Length specified by the user administrator (8-32 characters) and no more than 32 characters. (3) Rule: Passwords that are composed of a combination of characters based on the Password Complexity Setting specified by the user administrator can be registered. The user administrator specifies either Level 1 or Level 2 for Password Complexity Setting. By the above, FIA_SOS.1 (Verification of secrets) and FMT_SMF.1 (Specification of Management Functions) are satisfied. 7.1.3 SF.DOC_ACC Document Data Access Control Function The TOE restricts user access to operations that store, read, and delete document data. The access control function displays only accessible document data on the Operation Panel or client computer where the user authenticated. Availability of document data is based on the roles assigned to the user who has been successfully authenticated by the Identification andAuthentication Function, or the authorisation assigned to the individual user. This section describes the access control function that allows users to access document data based on their user role. Following are the explanations of each functional item in" SF.DOC_ACC Document Data Access Control Function" and their corresponding security functional requirements. 7.1.3.1 General User Operations on Document Data The TOE allows general users to store document data and to readand delete stored document data based on the document data ACL, which contains the IDs of general users who have permission to perform operations on the document data, and the operations permissions of the ID. If a general user ID that is associated with the general user process is registered for a document data ACL, the TOE allows that general user ID to perform operations on the document data according to the permissions assigned to the general user ID in the document data ACL. Table 2 shows the relationship between the operation permissions for document data and operations on document data. Table 28 shows the value of the document data ACL when storing document data. Table 28: Default value for document data ACL Type of document data Document data stored by a general user Default value for document data ACL Document data default ACL Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
Page 68 of 80
Copyright (c) 2009,2010 RICOH COMPANY, LTD. All Rights Reserved.
(2)
Registerable password length:
General users
No fewer than the Minimum Password Length specified by the user administrator (8-32
characters) and no more than 128 characters.
Administrators and supervisor
No fewer than the Minimum Password Length specified by the user administrator (8-32
characters) and no more than 32 characters.
(3)
Rule:
Passwords that are composed of a combination of characters based on the Password
Complexity Setting specified by the user administrator can be registered. The user
administrator specifies either Level 1 or Level 2 for Password Complexity Setting.
By the above, FIA_SOS.1 (Verification of secrets) and FMT_SMF.1 (Specification of Management
Functions) are satisfied.
7.1.3
SF.DOC_ACC
Document Data Access Control Function
The TOE restricts user access to operations that store, read, and delete document data. The access control
function displays only accessible document data on the Operation Panel or client computer where the user
authenticated. Availability of document data is based on the roles assigned to the user who has been
successfully authenticated by the Identification and Authentication Function, or the authorisation assigned to
the individual user. This section describes the access control function that allows users to access document
data based on their user role.
Following are the explanations of each functional item in
" SF.DOC_ACC
Document
Data
Access Control Function" and their corresponding security functional requirements.
7.1.3.1
General User Operations on Document Data
The TOE allows general users to store document data and to readand delete stored document data based on
the document data ACL, which contains the IDs of general users who have permission to perform operations
on the document data, and the operations permissions of the ID. If a general user ID that is associated with
the general user process is registered for a document data ACL, the TOE allows that general user ID to
perform operations on the document data according to the permissions assigned to the general user ID in the
document data ACL.
Table 2 shows the relationship between the operation permissions for document data and operations on
document data.
Table 28 shows the value of the document data ACL when storing document data.
Table 28: Default value for document data ACL
Type of document data
Default value for document data ACL
Document data stored by a general user
Document data default ACL