Page 40 of 81
Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.
Table 7: List of subjects, objects, and operations among subjects and objects
Subjects Objects Operations among subjects and objects
Administrator process Document data Deleting document data
General user process Document data
Storing document data
Reading document data
Deleting document data
FDP_ACF.1 Security attribute based access control
Hierarchical to: No other components.
Dependencies: FDP_ACC.1 Subset access control
FMT_MSA.3 Static attribute initialisation.
FDP_ACF.1.1 The TSF shall enforce the [assignment: MFP access control SFP] to objects based on the
following: [assignment: subjects or objects, and their corresponding security attributes
shown Table8].
Table 8: Subjects, objects and security attributes
Types Subjects or objects Security attributes
Subject Administrator process
- Administrator IDs
- Administrator roles
Subject General user process
- General user ID
- Document data default ACL
Object Document data - Document data ACL
FDP_ACF.1.2 The TSF shall enforce the following rules to determine if an operation among controlled
subjects and controlled objects is allowed: [assignment: rules governing subject
operations on objects and access to the operations shown in Table9].
Table 9: Rules governing access
Subject Operations on objects Rules governing access
Storing document data
General users can store document data. When the document
data is stored, the document data default ACL associated with
the general user process is copied to the document data ACL
associated with the document data.
General user
process
Reading document data
A general user process has permission to read document data
if the general user ID associated with the general user process
matches either the document file owner ID or the document
file user ID in the document data ACL associated with the
document data, and if the matched ID has viewing, editing,
editing/deleting, or full control permission.
To Next Page
Loading...
