Oracle Solaris Trusted Extensions Developer's Guide

Clearance Labels

The security administrator assigns a clearance to each user. A clearance is a label that defines the upper boundary of a label range. For example, if you have a clearance of SECRET, you can access information that is classified at this level or lower, but not information that is classified at a higher level.

The user clearance is the highest label at which a user can access files and initiate processes during a session. In other words, the user clearance is the upper boundary of the user's account label range.

At login, a user selects a session clearance. The session clearance determines which labels the user can access: it sets the least upper bound at which the user can access files and initiate processes during that login session. The session clearance is dominated by the user clearance.
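The relationship between the user clearance and the session clearance, shown as an added example that is not code from the Developer's Guide. It assumes a simplified label made of a classification level plus compartment bits; the level values, compartment names, type, and function names are constructed for illustration and are not the Trusted Extensions label API.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified label model (an assumption for this example): a hierarchical
 * classification plus a set of compartment bits. */
enum { CONFIDENTIAL = 1, SECRET = 2, TOP_SECRET = 3 };  /* constructed levels */
enum { COMP_A = 1u << 0, COMP_B = 1u << 1 };             /* hypothetical compartments */

typedef struct {
    int      classification;
    uint32_t compartments;
} ex_label;

/* a dominates b: a's classification is at least b's and a holds every
 * compartment that b holds. Equal labels dominate each other. */
static bool dominates(ex_label a, ex_label b)
{
    return a.classification >= b.classification &&
           (a.compartments & b.compartments) == b.compartments;
}

/* A session clearance chosen at login must be dominated by the user clearance. */
static bool session_clearance_ok(ex_label user_clearance, ex_label requested)
{
    return dominates(user_clearance, requested);
}

/* During the session, a label is usable only if the session clearance is
 * itself valid and dominates that label. */
static bool label_in_session(ex_label user_clearance, ex_label session,
                             ex_label target)
{
    return session_clearance_ok(user_clearance, session) &&
           dominates(session, target);
}

int main(void)
{
    ex_label user    = { SECRET, COMP_A };        /* assigned by the administrator */
    ex_label session = { CONFIDENTIAL, COMP_A };  /* selected at login */
    ex_label file    = { SECRET, COMP_A };        /* within user clearance, above session */

    printf("session valid: %d\n", session_clearance_ok(user, session));
    printf("file usable:   %d\n", label_in_session(user, session, file));
    return 0;
}
```

The file in `main` sits inside the user clearance but above the chosen session clearance, so it is not usable in that session even though the account could reach it after logging in with a higher session clearance.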