Skip to main content

Account scope (AS) user permissions

The purpose of an account user is generally to perform cryptographic actions and sign.

There are two categories of account users. Below is a comparison between the users and service users:

	User	Service user
Can access DigiCert® KeyLocker UI?	Yes	No
Can use DigiCert® KeyLocker clients?	Yes	Yes
Can perform cryptographic actions?	Yes	Yes
Can manage own credentials?	Yes	No
Who is this user?	A person	An alias and associated email for alerts. Generally used for automation of workflows on a machine such as a build server.

Note

Only System users can onboard or provision accounts.

The following article outlines account user permissions which may be useful if you are creating a custom user role. Alternatively, refer to user roles for a list of preconfigured user roles that allow you to assign permission sets to new and existing users.

General permissions

Permission	User can
Manage CertCentral API key	Delete, disable, enable, setup, update and validate a CertCentral API key.

Certificate permissions

Permission	User can
View certificate	View certificate details for all certificates assigned to them. Note Users with `Manage keypair` permission can view all certificates within the account.
Revoke certificate	Revoke certificates associated with keypairs that they are assigned to. Note Users with `Manage keypair` permission can revoke certificates associated to any keypair within the account.

Keypair permissions

Permission	User can
View keypair	View keypair details in the account.
Manage keypair	Update the keypair alias.
Sign	Sign software with keypairs assigned to them.

In this section:

Was this page helpful?

Provide feedback