2.5.4.1 Provide Cryptographic Access Permissions to an Encrypted File
Goals
Grant cryptographic access permissions for a user or Users group by adding a user certificate to a file.
Context of Use
The file owner is setting access permissions to a file.
Actors
Admin Tool: A Microsoft Management Console (MMC) component, which is used by the administrator to configure the storage on the server.
Admin Client: The Admin Client is the primary actor. The Admin Client is code that is running on the administrator's computer. The Admin Client implements client-side protocol components and consumes the storage services that are offered by the storage server. The Admin Client's interest is to correctly interpret, execute, and display the results of the commands that are issued by the administrator.
EFS service: The Encrypting File System service is the server-side implementation of the protocol described in [MS-EFSR].
Stakeholders
File owner: The user who, as the owner of the file, grants access permissions to another user who does not own the file.
User: The user to whom the access permission is granted by the file owner.
Preconditions
The file owner user has identified an encrypted file.
The file owner user has the required EFS certificates.
Main success scenario
Trigger: The file owner requests to grant access permission for a file to a user by using the Admin Tool.
1. The Admin Tool requests that the Admin Client establish a communication channel to an EFS service of the Storage Services protocols.
2. The Admin Client calls the EfsRpcAddUsersToFile method, as described in [MS-EFSR] section 3.1.4.2.10, to ask the EFS service to modify the metadata of the encrypted file so that the user can decrypt the file.
3. The EFS service modifies the metadata as requested by the Admin Client to enable the user to decrypt the file.
Postcondition
The required access permission for the user for the encrypted file has been granted successfully.
Extensions
If the communication channel for the Encrypting File System Remote (EFSRPC) Protocol cannot be established, or it becomes disconnected, the Admin Client attempts to establish a connection multiple times until it fails. Whether the required access to the encrypted file is obtained depends on when the connection failed.
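
The following is an added example, not part of the original specification: the same grant performed with the built-in cipher.exe instead of the Admin Tool, checking the precondition before the change and the postcondition after it. The file and certificate paths are hypothetical, and the thumbprint check assumes that cipher /c lists the certificate thumbprints of the users who can decrypt the file.

```powershell
# Added example. $File and $CertFile are hypothetical paths.
$File     = 'C:\Data\report.docx'     # EFS-encrypted file owned by the caller
$CertFile = 'C:\Certs\grantee.cer'    # grantee's exported EFS certificate (public part only)
$EfsEku   = '1.3.6.1.4.1.311.10.3.4'  # Encrypting File System enhanced key usage OID

function Test-EfsUser([string]$Path, [string]$Thumbprint) {
    # Assumption: cipher /c prints each authorized user's certificate thumbprint,
    # possibly in space-separated groups, so strip whitespace before matching.
    $out = (& cipher.exe /c $Path | Out-String) -replace '\s', ''
    return $out -match [regex]::Escape($Thumbprint)
}

# Precondition: the file owner has identified an encrypted file.
$item = Get-Item -LiteralPath $File -ErrorAction Stop
if (-not $item.Attributes.HasFlag([System.IO.FileAttributes]::Encrypted)) {
    throw "$File is not EFS-encrypted; there is no metadata to modify."
}

# Load the grantee certificate and refuse one whose EKU extension excludes EFS.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $CertFile
$eku  = $cert.Extensions | Where-Object {
    $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
}
if ($eku -and ($eku.EnhancedKeyUsages.Value -notcontains $EfsEku)) {
    throw "Certificate $($cert.Thumbprint) is not issued for EFS use."
}

if (Test-EfsUser $File $cert.Thumbprint) {
    Write-Output "Certificate $($cert.Thumbprint) can already decrypt $File."
} else {
    # Add the certificate to the file's EFS metadata.
    & cipher.exe /adduser "/certfile:$CertFile" $File | Out-Null

    # Postcondition: the grantee's certificate now appears on the file.
    if (-not (Test-EfsUser $File $cert.Thumbprint)) {
        throw "Grant failed: $($cert.Thumbprint) is not listed on $File."
    }
    Write-Output "Granted decrypt access on $File to $($cert.Subject)."
}
```

Running Test-EfsUser again after a failed or interrupted attempt shows whether the change was applied, which is the question the Extensions section leaves open when the connection drops.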