Exercise

Carole manages who can access the printer. Alice is a member of staff, and can access the printer. When Alice is not available, she can delegate her printer privilege to her intern, Bob.

Carole is allowed to define policies related to the printer:

P3: Permit if AND(DELEGATE_Carole, DEL-RESOURCE_printer)

Carole can now issue a policy, for instance indicating that Alice can define a policy for the printer and for Bob:

P4[Carole]: Permit if AND(DELEGATE_Alice, DEL-RESOURCE_printer, DEL-USER_Bob)

Alice can now issue her policy:

P5[Alice]: Permit if AND(RESOURCE_printer,USER_Bob)

Anybody can issue policies, so for instance Jack could issue a policy giving access to the scanner to all interns:

P6[Jack]: Permit if AND(RESOURCE_scanner,GROUP_intern)

  • Can Bob access the printer?
  • Can an intern access the scanner?
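
One way to check both questions mechanically, as an added example that is not part of the original exercise. It assumes the usual delegation-reduction rule: a policy without an issuer (P3) is trusted, and an issued policy only counts if a chain of DELEGATE policies authorising its issuer leads back to a trusted policy. The function names and the `NotApplicable` result are choices made for this sketch.

```python
# Added example: delegation-chain check over the exercise's policies P3..P6.
# Assumption: a policy with no issuer is trusted; any other policy is honoured
# only if its issuer is authorised by a chain ending at a trusted policy.

POLICIES = [
    # (id, issuer, attributes that must all match: AND(...))
    ("P3", None,     {"DELEGATE": "Carole", "DEL-RESOURCE": "printer"}),
    ("P4", "Carole", {"DELEGATE": "Alice", "DEL-RESOURCE": "printer",
                      "DEL-USER": "Bob"}),
    ("P5", "Alice",  {"RESOURCE": "printer", "USER": "Bob"}),
    ("P6", "Jack",   {"RESOURCE": "scanner", "GROUP": "intern"}),
]

def matches(cond, request):
    """AND semantics: every attribute named by the policy is in the request."""
    return all(request.get(k) == v for k, v in cond.items())

def admin_request(request, issuer):
    """Ask 'may `issuer` write a policy for this situation?': request attributes
    become DEL-* attributes and the issuer becomes the delegate."""
    admin = {k if k.startswith("DEL") else "DEL-" + k: v
             for k, v in request.items()}
    admin["DELEGATE"] = issuer
    return admin

def backed(policy_id, issuer, request, seen=()):
    """True if the policy's issuer is authorised, directly or through a chain."""
    if issuer is None:                 # trusted policy, chain ends here
        return True
    seen = seen + (policy_id,)         # guard against circular delegation
    admin = admin_request(request, issuer)
    return any(pid not in seen and matches(cond, admin)
               and backed(pid, iss, admin, seen)
               for pid, iss, cond in POLICIES)

def decide(request):
    """Return the decision and the policies that both match and are backed."""
    used = [pid for pid, iss, cond in POLICIES
            if matches(cond, request) and backed(pid, iss, request)]
    return ("Permit", used) if used else ("NotApplicable", [])

if __name__ == "__main__":
    # Constructed requests corresponding to the two questions.
    print(decide({"RESOURCE": "printer", "USER": "Bob", "GROUP": "intern"}))
    print(decide({"RESOURCE": "scanner", "GROUP": "intern"}))
```

Under these assumptions P5 is honoured because P4 and P3 back Alice and Carole, while P6 matches the scanner request but is ignored because nothing authorises Jack to issue it.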




Last modified December 6, 2019