Page 71 of 81
Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.
- General users with full control authorisation
If the logged-in user is a file administrator, the TOE allows that user to perform operations on all document
data ACLs, including changing document file owners and their access rights, and newly registering and
deleting document file users and changing their access rights.
If the logged-in user is a general user, the TOE allows that user to perform operations only on document data
ACLs for which the user has full control authorisation. These operations are changing the document file
owner's operation permissions for the document data, and newly registering and deleting document file users
and changing their operation permissions. However, even if full control authorisation is not set for document
file owners, document file owners can still perform operations on the document data ACLs of their own
document data. These operations include changing the document file owner's operation permissions for the
document data, newly registering and deleting document file users, and changing the document file users'
operation permissions for the document data.
By the above, FMT_MSA.1 (Management of security attributes), FMT_MSA.3 (Static attribute
initialisation), and FMT_SMF.1 (Specification of management functions) are satisfied.
7.1.4.2 Management of Administrator Information
Management of administrator information allows only specified users to perform operations on administrator
information from the Operation Panel or Web Service Function.
Administrator information includes administrator IDs, administrator authentication information, and
administrator roles. Operations on administrator information include creation of new administrators,
querying and changing administrator IDs, changing administrator authentication information, and querying,
adding and deleting administrator roles. Table 30 shows the relationship between the operations on
administrator information and the users authorised for operations on administrator information.
Table 30: Access to administrator information
Operations on administrator
information
Authorised users
Creation of new administrator IDs Administrators
Change administrator IDs Administrators themselves
Query administrator IDs Administrators themselves, supervisor
Change administrator
authentication information
Administrators themselves, supervisor
Add and query administrator roles Administrators already assigned that administrator role
Delete administrator roles
Administrators already assigned that administrator role
(However, no administrator roles can be deleted unless these roles
are assigned to another administrator.)
If the logged-in user is an administrator or supervisor, the TOE allows that user to perform the operations
shown in Table 30, respectively.
By the above, FIA_USB.1 (User-subject binding), FMT_MSA.1 (Management of security attributes),
To Next Page
Need help?
Power
Engine Specifications
Weight and Dimensions
