Figure 3-9
This process flow diagram describes how labels are evaluated for read
access with COMPACCESS privilege. There are three successive tests in which
a label may be evaluated for read access when the user has COMPACCESS privilege:
Test 1: Levels. Is the data level equal to or less than the
user level? No. Access is denied. Yes. Proceed to Test 2.
Test 2: Groups. Does the data have groups? No. Proceed
to Test 3, Case A. Yes. Does the user have at least one group? If
no, proceed to Test 3, Case B. If yes, proceed to Test 3,
Case A.
Test 3: Compartments. Does the data have compartments? Case
A. No. Access is granted. Yes. Does the user have all
the compartments? If no, access is denied. If yes, access
is granted. Case B. No. Access is denied. Yes. Does
the user have all the compartments? If no, access is denied.
If yes, access is granted.