Sf.doc_Acc Document Data Access Control Function; General User Operations On Document Data - Ricoh Aficio MP 8001 Manual

Upper-case letters: [A-Z] (26 letters)
Lower-case letters: [a-z] (26 letters)
Numbers: [0-9] (10 digits)
Symbols: SP (space) ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` { | } ~ (33 symbols)
(2) Registerable password length:
General users
No fewer than the Minimum Password Length specified by the user administrator (8-32
characters) and no more than 128 characters.
Administrators and a supervisor
No fewer than the Minimum Password Length specified by the user administrator (8-32
characters) and no more than 32 characters.
(3) Rule:
Passwords that are composed of a combination of characters based on the Password Complexity
Setting specified by the user administrator can be registered. The user administrator specifies
either Level 1 or Level 2 for Password Complexity Setting.
By the above, FIA_SOS.1 (Verification of secrets) and FMT_SMF.1 (Specification of Management
Functions) are satisfied.
7.1.3 SF.DOC_ACC
The TOE restricts user access to operations that store, read, and delete document data. The access control
function displays only accessible document data on the Operation Panel or client computer where the user
authenticated. Availability of document data is based on the roles assigne d to the user who has been
successfully authenticated by the Identification and Authentication Function, or the authorisation assigned
to the individual user. This section describes the access control function that allows users to access
document data based on their user role.
Following are the explanations of each functional item in "SF.DOC_ACC
Access Control Function" and their corresponding security functional requirements.
7.1.3.1

General User Operations on Document Data

The TOE allows general users to store document data and to read and delete stored document data based on
the document data ACL, which contains the IDs of general users who have permission to perform
operations on the document data, and the operations permissions of the ID. If a general user ID that is
associated with the general user process is registered for a document data ACL, the TOE allows that general
user ID to perform operations on the document data according to the permissions assi g ned to the general
user ID in the document data ACL.
Table 3 shows the relationship between the operation permissions for document data and operations on
document data.
Table 29 shows the value of the document data ACL when storing document data.
Copyright (c) 2010 RICOH COMPANY, LTD. All Rights Reserved.
Document Data Access Control Function
Page 70 of 82
Document Data