CRP-C0266-01
9
(file administrators) such as management of the document data ACL, management of
administrator information, etc.)
Whatever the contents of the document data ACL are, the administrator (file
administrator) is allowed to delete all the document data and modify all document data
ACL (newly create the document file users, delete the document file users, change the
operational authorities and document file owners).
As mentioned above, the administrator (file administrator) is allowed to delete the
document data of the document server function for all the document data. However, the
administrator (file administrator), according to the assumption "A.ADMIN (Conditions
of Administrators)", must not illegally exploit their privileges for malicious purposes in
the administrator's work. Therefore, in this case, T.UNAUTH_ACCESS, by which
authorised TOE users may breach the limits of authorised usage and access document
data, is an exception.
4) Administrator (User Administrator, Machine Administrator, and Network
Administrator)
The administrator (User Administrator, Machine Administrator, and Network
Administrator) is permitted to use the following Basic Functions and the Security
Functions:
Basic Functions:
> Web Service Function
> Management Function
Security Functions:
> Security Management Function
(The parts of the Security Management Functions that are permitted for administrators
(user administrators, machine administrators, and network administrators) such as
management of administrator information, management of general user information,
management of machine control data, etc.)
The administrator (User Administrator, Machine Administrator, and Network
Administrator) is a user who manages general user information, audit logs, and network
connections.
As mentioned above, T.UNAUTH_ACCESS, by which authorised TOE users may breach
the limits of authorised usage and access document data, may be possible for general
users. Although all general users are identified and authenticated by the user's ID and
password and the scope of operations on the document data are restricted by the
document data ACL. Therefore, T.UNAUTH_ACCESS is countered by the user
identification and authentication and the access control of protected assets.
(3) Countermeasures against the threat T.ABUSE_SEC_MNG
T.ABUSE_SEC_MNG, in which users not authorised for Security Management Functions
may abuse, is countered by the user identification and authentication, the security
management, and the audit as follows.
For the identification and authentication of the MFP users, "(1) Threat Countermeasures
against T.ILLEGAL_USE", and "(2) Threat Countermeasures against T.UNAUTH_ACCESS"
are as described.
(231 paginas)
Manymanuals.com
Manymanuals.de
Manymanuals.fr
Manymanuals.it
Manymanuals.pl
Manymanuals.cz
Manymanuals.es
Manymanuals-pt.com
Comentarios a estos manuales