Figure 3-8
This process flow diagram describes how labels are evaluated for write
access. There are three successive tests in which a label may be evaluated
for write access:
Test 1: Levels. Is the data level equal to or less than the user level?
If no, access is denied. If yes, is the data level equal to or greater
than the user minimum level? If no, access is denied. If yes, proceed to
Test 2.

Test 2: Groups. Does the data have groups? If no, proceed to Test 3,
Case A. If yes, does the user have at least one group with write access?
If no, access is denied. If yes, proceed to Test 3, Case B.

Test 3: Compartments. Does the data have compartments?
Case A: If no, access is granted. If yes, does the user have all the
compartments with write access? If no, access is denied. If yes, access
is granted.
Case B: If no, access is granted. If yes, does the user have all the
compartments? If no, access is denied. If yes, access is granted.
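
The three tests above, written out as a decision function. This is an added example, not code from the product or its documentation; the numeric levels, the class and field names, and the sample labels are constructed. It assumes the group in Test 2 must be one of the data's groups, and that Case B accepts a compartment the user holds with any access.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DataLabel:
    level: int
    compartments: frozenset = frozenset()
    groups: frozenset = frozenset()

@dataclass(frozen=True)
class UserAuth:
    max_level: int                               # "user level" in Test 1
    min_level: int                               # "user minimum level" in Test 1
    compartments: frozenset = frozenset()        # every compartment the user holds
    write_compartments: frozenset = frozenset()  # those held with write access
    write_groups: frozenset = frozenset()        # groups held with write access

def write_decision(user, data):
    """Run Tests 1-3 in order; return (granted, reason)."""
    # Test 1: the data level must lie within [user minimum level, user level].
    if data.level > user.max_level:
        return False, "test 1: data level above user level"
    if data.level < user.min_level:
        return False, "test 1: data level below user minimum level"
    # Test 2: groups decide which compartment set Test 3 checks against.
    if data.groups:
        # Assumption: the matching group must be one of the data's groups.
        if not data.groups & user.write_groups:
            return False, "test 2: no group with write access"
        case, held = "B", user.compartments          # Case B: any access
    else:
        case, held = "A", user.write_compartments    # Case A: write access
    # Test 3: the user must hold every compartment on the data label.
    if not data.compartments <= held:
        return False, f"test 3 case {case}: missing compartment"
    return True, f"granted (case {case})"

# Constructed sample user and labels (not from the documentation).
USER = UserAuth(30, 20, frozenset({"FIN", "OPS"}), frozenset({"FIN"}),
                frozenset({"WEST"}))
SAMPLES = {
    "too high":       DataLabel(40),
    "below minimum":  DataLabel(10),
    "case A denied":  DataLabel(20, frozenset({"OPS"})),
    "case B granted": DataLabel(20, frozenset({"OPS"}), frozenset({"WEST"})),
    "wrong group":    DataLabel(20, frozenset(), frozenset({"EAST"})),
}

if __name__ == "__main__":
    for name, label in SAMPLES.items():
        print(name, write_decision(USER, label))
```

The "case A denied" and "case B granted" samples carry the same level and compartment; only the presence of a group the user can write to changes the outcome.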