Figure 3-8
This process flow diagram describes how labels are evaluated for write access. There are three successive tests in which a label may be evaluated for write access:
Test 1: Levels. Is the data level equal to or less than the user level? No. Access is denied. Yes. Is the data level equal to or greater than the user minimum level? If no, access is denied. If yes, proceed to Test 2.
Test 2: Groups. Does the data have groups? No. Proceed to Test 3, Case A. Yes. Does the user have at least one group with write access? If no, access is denied. If yes, proceed to Test 3, Case B.
Test 3: Compartments. Does the data have compartments? Case A: No. Access is granted. Yes. Does the user have all the compartments with write access? If no, access is denied. If yes, access is granted. Case B. No. Access is granted. Yes. Does the user have all the compartments? If no, access is denied. If yes, access is granted.