Next: Lifetime Limits
Up: Separation of Administration Duty
Previous: Assign Roles
Some special rights to types have been defined:
- ADMIN:
- Administrate this type, i.e., change type name or remove type.
- ASSIGN:
- Assign this type to objects. Additionally, MODIFY_ATTRIBUTE
to the previous type of the object is needed.
- ACCESS_CONTROL:
- Change type compatibility settings for this type and
all requests, which are no special rights.
- SUPERVISOR:
- Change type compatibility settings for this type for
all special rights.
If no role has SUPERVISOR right or Admin Type set to Role Admin,
the special right settings can no longer be changed.
- specialrights := {ADMIN, ASSIGN, ACCESS_CONTROL, SUPERVISOR}
- administratetype(p:process, t:type) := process p administrates type t
at time n
- assigntype(p:process, t:type, o:object) := process p assigns the type
t to object o at time n
- changetypecomp(p:process, r:role, t:type, a:access_type)
:= process p adds or removes access type a to or from
the type compatibility set of role r to type t at time n
Next: Lifetime Limits
Up: Separation of Administration Duty
Previous: Assign Roles
Amon Ott