Session Selection Example

Table 2-1 provides an example of the difference between a single- and multilevel session. It contrasts a user choosing to operate in a single-level session at SECRET A against the user selecting a multilevel session, also at SECRET A. Note that sensitivity labels are shown in their long form inside square brackets ([]).

The three columns on the left show the user's session selections at login. Note that users set session sensitivity labels for single-level sessions and session clearances for multilevel sessions. (This is a minor distinction that is taken care of by the system; the correct label builder dialog box is always displayed with the choices permitted.)

The two columns on the right show the label values available in the session. The Initial Workspace SL column represents the sensitivity label when the user first enters the Trusted Solaris environment. The Available Sensitivity Labels column lists the sensitivity labels that the user is permitted to switch to in the session.

Table 2-1 How Session Selections Affect Session Values

User Selections			Session Label Values
Session  Type	Session Sensitivity Label	Session Clearance	Initial Workspace SL	Available Sensitivity Labels
single-level	[S A]	--	[S A]	[S A]
multilevel	--	[S A]	[C]	[C], [C A], [S], [S A]

In the first row of the table, the user has selected a single-level session with a session sensitivity label of [S A]. In the Trusted Solaris environment, the user has an initial workspace sensitivity label of [S A] which is also the only sensitivity label at which the user can operate.

In the second row of the table, the user has selected a multilevel session with a session clearance of [S A]. The user's initial workspace sensitivity label is set to [U], that is, a sensitivity label of [UNCLASSIFIED], because that is the lowest possible sensitivity label in the user's account sensitivity label range. The user can switch to any sensitivity label between [U], the minimum, and [S A], the session clearance.