I-0147: Administrator Role May Include Operator Functions
NUMBER: I-0147
STATUS: Approved by CCEVS Management and Mailed to Public Mailing List
TITLE: Administrator Role May Include Operator Functions
APPROVAL POSTING: [announce 0423]
EFFECTIVE: 1995-07-11
REQUIREMENT: Trusted Facility Management
CRITERIA CLASSES: B2
DOCUMENT(S): Trusted Facility Manual
RELATED TO: <None>
STATEMENT: The following interprets the requirement that "The TCB shall support separate operator and administrator functions..."

All administrative functions must be assigned to at least one of the available administrative functional positions (operator, administrator, and potentially other administrative roles); however, it is unacceptable to make all administrative functional positions have access to all administrative functions.

PROJECTED IMPACT: Negligible impact anticipated.

SUPPORT: The determination of what is an operator function vs. what is an administrator function is explicitly not specified. It is expected that the Trusted Facility Manual will clearly categorize functions as operator and/or administrator. Operator functions are anticipated to be focused on the routine, day-to-day operational activities (e.g., backup, restore, system initialization), whereas administrator functions will be focused more on the administrative activities (account manipulation, overall security policy, etc.).

Although "A Guide to Understanding Trusted Facility Management" seems to require non-overlapping administrator and operator roles, such a configuration of duties is often not realistic. The administrator role may be the standard backup to the operator role. Therefore, the administrator functions may include part or all of the operator functions. However, the operator role should be restricted to only those functions that the TFM defines as operator functions. Note that, at B3-A1, a distinct administrator role is required, and the non-security-relevant functions available to the security administration role must be limited.
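The constraints stated in this interpretation can be checked mechanically against a role-to-function table. The following Python check is an added example, not part of the interpretation or of any evaluated product; the role names, function names, rule labels and the sample TFM categorization are constructed for illustration.

```python
# Added example: lint a role-to-function assignment against interpretation I-0147.
# Role names, function names and the TFM table below are constructed sample data.

def check_role_separation(tfm, roles, operator_role="operator"):
    """tfm: function -> set of categories ({"operator"}, {"administrator"} or both).
    roles: role name -> set of functions that role may invoke.
    Returns a sorted list of (rule, detail) findings; empty means compliant."""
    findings = []
    admin_functions = set(tfm)
    granted = set().union(*roles.values()) if roles else set()

    # Every administrative function must be assigned to at least one role.
    for fn in admin_functions - granted:
        findings.append(("unassigned-function", fn))

    # The TFM is expected to categorize every function a role can reach.
    for fn in granted - admin_functions:
        findings.append(("uncategorized-function", fn))

    # It is unacceptable for all roles to have access to all functions.
    if roles and all(fns >= admin_functions for fns in roles.values()):
        findings.append(("no-separation", "every role holds every function"))

    # The operator role is restricted to TFM-defined operator functions.
    for fn in roles.get(operator_role, set()):
        if fn in tfm and "operator" not in tfm[fn]:
            findings.append(("operator-exceeds-tfm", fn))

    return sorted(findings)


TFM = {
    "backup": {"operator"},
    "restore": {"operator"},
    "system_init": {"operator"},
    "account_manipulation": {"administrator"},
    "set_security_policy": {"administrator"},
}

# Administrator backs up the operator: overlap in this direction is allowed.
ACCEPTABLE = {
    "operator": {"backup", "restore", "system_init"},
    "administrator": set(TFM),
}
# Both roles hold everything: fails the separation and operator rules.
FLAT = {"operator": set(TFM), "administrator": set(TFM)}

if __name__ == "__main__":
    for name, cfg in (("ACCEPTABLE", ACCEPTABLE), ("FLAT", FLAT)):
        print(name, check_role_separation(TFM, cfg))
```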