H.6 Security management roles (FMT_SMR)

This family reduces the likelihood of damage resulting from users abusing their authority by taking actions outside their assigned functional responsibilities. It also addresses the threat that inadequate mechanisms have been provided to securely administer the TSF.

This family requires that information be maintained to identify whether a user is authorised to use a particular security-relevant administrative function.

Some management actions can be performed by users, others only by designated people within the organisation. This family allows the definition of different roles, such as owner, auditor, administrator, daily-management.

The roles as used in this family are security-related roles. Each role can encompass an extensive set of capabilities (e.g. root in UNIX), or can be a single right (e.g. the right to read a single object such as the help file). This family defines the roles; the capabilities of each role are defined in FMT_MOF, FMT_MSA and FMT_MTD.

Some types of role might be mutually exclusive. For example, the daily-management role might be able to define and activate users, but not remove them (removal being reserved for the administrator role). This family also allows policies such as two-person control to be specified.
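As an added illustration (not part of CC Part 2 and not any particular TOE's implementation), the following Python sketch shows the three things this family asks for in working form: a maintained record of which users hold which roles, a check of whether a user is authorised for a given administrative function, and policy constraints layered on top (two mutually exclusive role pairs and a two-person control on user removal). The role names, capability names and policy choices are assumptions chosen to mirror the examples in the text above; in a real TOE the capability contents would be fixed by FMT_MOF, FMT_MSA and FMT_MTD.

```python
"""Illustrative role model in the spirit of FMT_SMR (added example, not CC text).
Role names, capabilities and the policies below are assumptions for illustration."""
from enum import Enum, auto


class Capability(Enum):
    """Security-relevant administrative functions whose use is tied to roles."""
    DEFINE_USER = auto()
    ACTIVATE_USER = auto()
    REMOVE_USER = auto()
    READ_AUDIT_LOG = auto()
    READ_HELPFILE = auto()


# Assumed role -> capability table.  daily-management may define and activate users
# but not remove them; removal is reserved for administrator.  helpfile-reader shows
# a role that is a single right.
ROLE_CAPABILITIES = {
    "administrator": {Capability.DEFINE_USER, Capability.ACTIVATE_USER,
                      Capability.REMOVE_USER, Capability.READ_HELPFILE},
    "daily-management": {Capability.DEFINE_USER, Capability.ACTIVATE_USER,
                         Capability.READ_HELPFILE},
    "auditor": {Capability.READ_AUDIT_LOG, Capability.READ_HELPFILE},
    "helpfile-reader": {Capability.READ_HELPFILE},
}

# Assumed separation-of-duty policy: an auditor must not also hold a role whose
# actions the auditor reviews.
MUTUALLY_EXCLUSIVE = [frozenset({"auditor", "administrator"}),
                      frozenset({"auditor", "daily-management"})]

# Assumed two-person-control policy: removing a user needs two distinct authorised actors.
TWO_PERSON_CONTROL = {Capability.REMOVE_USER}


class RoleViolation(Exception):
    """Raised when a role assignment would break the role model."""


class RoleStore:
    """Maintains the user -> roles information that answers the question
    'is this user authorised to use this administrative function?'."""

    def __init__(self) -> None:
        self._roles: dict[str, set[str]] = {}

    def assign(self, user: str, role: str) -> None:
        """Give `user` a role, refusing unknown roles and mutually exclusive combinations."""
        if role not in ROLE_CAPABILITIES:
            raise RoleViolation(f"unknown role {role!r}")
        held = self._roles.setdefault(user, set())
        for pair in MUTUALLY_EXCLUSIVE:
            conflicting = (held & pair) - {role}
            if role in pair and conflicting:
                raise RoleViolation(
                    f"{user!r} may not hold {role!r} together with {sorted(conflicting)}")
        held.add(role)

    def roles_of(self, user: str) -> set[str]:
        return set(self._roles.get(user, set()))

    def is_authorised(self, user: str, cap: Capability) -> bool:
        """True if any role held by `user` grants `cap`."""
        return any(cap in ROLE_CAPABILITIES[r] for r in self._roles.get(user, ()))

    def authorise(self, cap: Capability, actors: list[str]) -> bool:
        """Decide whether `actors` may together invoke `cap`.  Ordinary capabilities
        need one authorised actor; two-person-controlled ones need two *distinct*
        authorised actors (the same user listed twice counts once)."""
        authorised = {a for a in actors if self.is_authorised(a, cap)}
        required = 2 if cap in TWO_PERSON_CONTROL else 1
        return len(authorised) >= required


if __name__ == "__main__":
    store = RoleStore()
    store.assign("alice", "daily-management")
    store.assign("bob", "administrator")
    store.assign("carol", "administrator")
    print("alice may define users:", store.is_authorised("alice", Capability.DEFINE_USER))
    print("alice may remove users:", store.is_authorised("alice", Capability.REMOVE_USER))
    print("bob alone may remove:", store.authorise(Capability.REMOVE_USER, ["bob"]))
    print("bob+carol may remove:", store.authorise(Capability.REMOVE_USER, ["bob", "carol"]))
```

The point of keeping the role table, the exclusivity list and the two-person set as separate data is that each corresponds to a different requirement: the table is the information FMT_SMR asks to be maintained, while the two policies are constraints a Security Target may or may not choose to impose.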