FMT_SMR.2 Restrictions on security roles
This component specifies the different roles that the TSF should recognise, and conditions on how those roles could be managed. Often the system distinguishes between the owner of an entity, an administrator and other users.
The conditions on those roles specify the interrelationship between the different roles, as well as restrictions on when the role can be assumed by a user.
Operations
Assignment:
In FMT_SMR.2.1 the PP/ST author should specify the roles that are recognised by the system. These are the roles that users could occupy with respect to security. Examples are: owner, auditor, administrator.
In FMT_SMR.2.3 the PP/ST author should specify the conditions that govern role assignment. Examples of these conditions are: "an account cannot have both the auditor and administrator role" or "a user with the assistant role must also have the owner role".
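The two example conditions above can be enforced at the point where roles are changed. The following sketch is an added illustration, not part of the standard text: the role list and conditions are taken from the examples in this section, while `Account`, `violations`, `EXCLUSIVE` and `REQUIRES` are hypothetical names chosen here. It checks revocation as well as assignment, since removing a prerequisite role can break a condition.

```python
from dataclasses import dataclass, field

# Roles an ST might list for FMT_SMR.2.1 (examples from the text; assumed set).
ROLES = {"owner", "auditor", "administrator", "assistant"}

# Conditions an ST might list for FMT_SMR.2.3 (the two examples from the text).
EXCLUSIVE = [frozenset({"auditor", "administrator"})]  # never held together
REQUIRES = {"assistant": {"owner"}}                    # role -> prerequisite roles


def violations(roles):
    """Return a sorted list of condition violations for one account's role set."""
    found = []
    for role in roles - ROLES:
        found.append(f"unknown role: {role}")
    for pair in EXCLUSIVE:
        if pair <= roles:
            found.append("mutually exclusive: " + " + ".join(sorted(pair)))
    for role, needed in REQUIRES.items():
        if role in roles:
            for missing in sorted(needed - roles):
                found.append(f"{role} requires {missing}")
    return sorted(found)


@dataclass
class Account:
    name: str
    roles: set = field(default_factory=set)

    def _apply(self, proposed):
        # Validate the resulting role set before committing it (fail closed).
        problems = violations(proposed)
        if problems:
            raise PermissionError(f"{self.name}: " + "; ".join(problems))
        self.roles = proposed

    def assign(self, role):
        self._apply(self.roles | {role})

    def revoke(self, role):
        # Dropping a prerequisite role can violate a condition, so check here too.
        self._apply(self.roles - {role})
```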