Family behaviour
This family is intended to control the assignment of different roles to users. The capabilities of these roles with respect to security management are described in the other families in this class.
Component levelling
FMT_SMR.1 Security roles specifies the roles with respect to security that the TSF recognises.
FMT_SMR.2 Restrictions on security roles specifies that in addition to the specification of the roles, there are rules that control the relationship between the roles.
FMT_SMR.3 Assuming roles requires that an explicit request is given to the TSF to assume a role.
Management: FMT_SMR.1
The following actions could be considered for the management functions in FMT Management:
a) managing the group of users that are part of a role.
Management: FMT_SMR.2
The following actions could be considered for the management functions in FMT Management:
a) managing the group of users that are part of a role;
b) managing the conditions that the roles must satisfy.
Management: FMT_SMR.3
There are no additional management activities foreseen for this component.
Audit: FMT_SMR.1
The following actions should be auditable if FAU_GEN Security audit data generation is included in the PP / ST:
a) Minimal: modifications to the group of users that are part of a role;
b) Detailed: every use of the rights of a role.
Audit: FMT_SMR.2
The following actions should be auditable if FAU_GEN Security audit data generation is included in the PP / ST:
a) Minimal: modifications to the group of users that are part of a role;
b) Minimal: unsuccessful attempts to use a role due to the given conditions on the roles;
c) Detailed: every use of the rights of a role.
Audit: FMT_SMR.3
The following actions should be auditable if FAU_GEN Security audit data generation is included in the PP / ST:
a) Minimal: explicit request to assume a role.