Page 56 of 93
Copyright (c) 2012 RICOH COMPANY, LTD. All rights reserved.
User jobs No setting of
document data
attribute
Delete MFP
administrator
process
Allows.
FDP_ACF.1.4(a) The TSF shall explicitly deny access of subjects to objects based on the following additional
rules: [assignment: deny the operations on the document data and user jobs in case of
supervisor process or RC Gate process].
FDP_ACF.1(b) Security attribute-based access control
Hierarchical to: No other components.
Dependencies: FDP_ACC.1 Subset access control
FMT_MSA.3 Static attribute initialisation
FDP_ACF.1.1(b) The TSF shall enforce the [assignment: TOE function access control SFP] to objects based
on the following: [assignment: subjects or objects, and their corresponding security
attributes shown in Table 20].
Table 20 : Subjects, Objects and Security Attributes (b)
Category Subjects or Objects Security Attributes
Normal user process - Login user name of normal user
- Available function list
- User role
Supervisor process - User role
Subject
RC Gate process - User role
Object MFP application - Function type
FDP_ACF.1.2(b) The TSF shall enforce the following rules to determine if an operation among controlled
subjects and controlled objects is allowed: [assignment: rule to control operations among
objects and subjects shown in Table 21].
Table 21 : Rule to Control Operations on MFP Applications (b)
Object Operation Subject Rule to control Operations
MFP application Execute Normal user process Allows executing MFP application
which MFP administrator allowed in
available function list for normal user
process.
FDP_ACF.1.3(b) The TSF shall explicitly authorise access of subjects to objects based on the following
additional rules: [assignment: rules that the Fax Reception Function operated using
administrator permission is surely permitted].
To Next Page
Loading...
Need help?
General
