Cryptographic Token Interface Standard

PKCS#11


Permitted object accesses by sessions

The following table summarizes the kind of access each type of session has to each type of object. A given type of session has either read-only access, read/write access, or no access whatsoever to a given type of object.

Note that creating or deleting an object requires read/write access to it, e.g., a "R/O User Functions" session cannot create or delete a token object.

Table 6, Access to Different Types of Objects by Different Types of Sessions

                                      Type of session
Type of object           R/O Public  R/W Public  R/O User  R/W User  R/W SO
Public session object    R/W         R/W         R/W       R/W       R/W
Private session object                           R/W       R/W
Public token object      R/O         R/W         R/O       R/W       R/W
Private token object                             R/O       R/W

As previously indicated, the access to a given session object which is shown in Table 6 is limited to sessions belonging to the application which owns that object (i.e., which created that object).
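
The access rules of Table 6, the create/delete rule and the ownership rule for session objects can be combined into one decision function. The following is an added example, not code from the standard: the session-state names and values match the PKCS#11 header, while `struct object`, `enum access`, `enum op`, the integer application identifiers, `table6_access` and `op_permitted` are hypothetical, and treating modification like creation and deletion (R/W required) is an assumption.

```c
#include <stdbool.h>
#include <stdio.h>

/* Session states: names and values as in the PKCS#11 header pkcs11t.h. */
enum session_state {
    CKS_RO_PUBLIC_SESSION = 0, CKS_RO_USER_FUNCTIONS = 1,
    CKS_RW_PUBLIC_SESSION = 2, CKS_RW_USER_FUNCTIONS = 3,
    CKS_RW_SO_FUNCTIONS = 4
};
enum access { ACC_NONE, ACC_RO, ACC_RW };               /* hypothetical */
enum op { OP_READ, OP_MODIFY, OP_CREATE, OP_DESTROY };  /* hypothetical */

/* Hypothetical descriptor: the attributes that select a row of Table 6. */
struct object {
    bool is_token;    /* CKA_TOKEN */
    bool is_private;  /* CKA_PRIVATE */
    int  owner_app;   /* application that created a session object */
};

/* Access that a session in `state`, opened by `app`, has to `obj`. */
enum access table6_access(enum session_state state, int app,
                          const struct object *obj)
{
    bool user = state == CKS_RO_USER_FUNCTIONS || state == CKS_RW_USER_FUNCTIONS;
    bool rw = state == CKS_RW_PUBLIC_SESSION || state == CKS_RW_USER_FUNCTIONS ||
              state == CKS_RW_SO_FUNCTIONS;
    if (obj->is_private && !user)
        return ACC_NONE;              /* private objects need a user session */
    if (!obj->is_token)               /* session object: owning app only */
        return obj->owner_app == app ? ACC_RW : ACC_NONE;
    return rw ? ACC_RW : ACC_RO;      /* token object: follows session R/O vs R/W */
}

/* Creating, deleting or modifying requires R/W access; reading requires any. */
bool op_permitted(enum session_state state, int app,
                  const struct object *obj, enum op op)
{
    enum access a = table6_access(state, app, obj);
    return op == OP_READ ? a != ACC_NONE : a == ACC_RW;
}

int main(void)
{
    struct object key = { true, true, 1 };  /* constructed: private token object */
    printf("R/O User read=%d destroy=%d\n",
           op_permitted(CKS_RO_USER_FUNCTIONS, 1, &key, OP_READ),
           op_permitted(CKS_RO_USER_FUNCTIONS, 1, &key, OP_DESTROY));
    return 0;
}
```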


RSA Security Inc. Public-Key Cryptography Standards - PKCS#11 - v210