Session Selection Example
Table 2-1 provides an example of the difference between a single- and multilevel session. It contrasts a user choosing to operate in a single-level session at SECRET A against the user selecting a multilevel session, also at SECRET A. Note that labels are shown in their long form inside square brackets ([]).
The three columns on the left show the user's session selections at login. Note that users set session labels for single-level sessions and session clearances for multilevel sessions. (This is a minor distinction that is taken care of by the system; the correct label builder dialog box is always displayed with the choices permitted.)
The two columns on the right show the label values available in the session. The Initial Workspace label column represents the label when the user first enters the Trusted Solaris environment. The Available Labels column lists the labels that the user is permitted to switch to in the session.
Table 2-1 How Session Selections Affect Session Values|
User Selections |
Session Label Values |
|||
|---|---|---|---|---|
|
Session Type |
Session Label |
Session Clearance |
Initial Workspace Label |
Available Labels |
|
single-level |
[S A] |
-- |
[S A] |
[S A] |
|
multilevel |
-- |
[S A] |
[C] |
[C], [C A], [S], [S A] |
In the first row of the table, the user has selected a single-level session with a session label of [S A]. In the Trusted Solaris environment, the user has an initial workspace label of [S A] which is also the only label at which the user can operate.
In the second row of the table, the user has selected a multilevel session with a session clearance of [S A]. The user's initial workspace label is set to [U], that is, a label of [UNCLASSIFIED], because that is the lowest possible label in the user's account label range. The user can switch to any label between [U], the minimum, and [S A], the session clearance.
- © 2010, Oracle Corporation and/or its affiliates