Figure 3-10
This process flow diagram describes how labels are evaluated for write access with COMPACCESS privilege. There are three successive tests by which a label may be evaluated for write access, when the user has COMPACCESS privilege:
Test 1: Levels. Is the data level equal to or less than the user level? No. Access is denied. Yes. Is the data level equal to or greater than the user minimum level? If no, access is denied. If yes, then proceed to Test 2.
Test 2: Groups. Does the data have groups? No. Proceed to Test 3, Case A. Yes. Does the user have at least one group with write access? If no, proceed to Test 3, Case B. If yes, proceed to Test 3, Case C.
Test 3: Compartments. Does the data have compartments? Case A: No. Access is granted. Yes. Does the user have all compartments with write access? If yes, access is granted. If no, access is denied. Case B: No. Access is denied. Yes. Does the user have all compartments with write access? If yes, access is granted. If no, access is denied. Case C: No. Access is granted. Yes. Does the user have all compartments? If yes, access is granted. If no, access is denied.