Comment: CM 8.10: Added and removed roles in “Registration officer roles” and added a new role under “Administration officer roles”

This article includes updates for Certificate Manager 8.10.

This article provides an overview of the officers, roles, and officer profiles in Smart ID Certificate Manager (CM). 

...

The following general officer types are available, to separate administrative from operational duties and for establishing a secure connection from client to server:

  • Administration officers

  • Registration officers

The available roles for each officer type are listed below.

...

Administration officers are responsible for administering the security policies of CM, for example setting up CA policies and auditing. The following administration roles are available in the Administrator's workbench (AWB) client:

  • Use AWB

  • Manual build of CRL and CIL

  • Audit tasks

  • Domain tasks

  • CA and Key tasks

  • Policy tasks

  • Officer tasks

  • Profile tasks

  • Audit

    Configuration tasks

    Configuration
  • Signing Authority and SA Key tasks

Registration officer roles

...

The following roles are available: 

  • Use clients

  • Issue certificate

  • Issue attribute certificate

  • Recover key

  • Manage OCSP Activation

  • Manage Revocation password

  • Manage user data retention

  • Publish certificate

  • Republish failed distribution

  • Revoke certificate

  • Revoke certificate with password

  • Revoke attribute certificate

  • Revoke attribute certificate with password


    Export search results

  • Create batch

  • Claim batch

  • Manage PIN letters

  • Signing Authority Requests

The previous role Publish certificate with password has been replaced by the combined roles Publish certificate and Manage revocation password.

...

Authentication officer roles

Authentication officers have restricted rights. An unattended service acting as an authentication officer is only permitted to establish the TLS connection between the client application and the CM server, list certificates, and forward certification requests signed by a registration officer.

The following role is available:

  • Use clients

Read-only officer roles

Read-only officers' access is restricted to viewing inside the AWB client. They cannot perform operations such as manual building of CRLs and CILs, configuring CA policies, or auditing. This officer type has only the Use AWB role:

  • Use AWB

Supplementary roles

It is also possible to define supplementary roles. These customer-specific roles appear in the list of available roles only if this feature has been configured. CM SDK is required to make use of supplementary roles. See the Developer's Guide for more details.

Additional constraints

In addition to the roles, several other constraints can be used to limit officer permissions. For example, an officer can be allowed to handle only specific CAs, CA policies, and certificate content, such as only certificates for a certain organization.

...

Additional information
