Account user permissions
The purpose of an account user is generally to perform cryptographic actions and sign.
There are two categories of account users: users and service users. The table below compares them:
| | User | Service user |
---|---|---|
Can access DigiCert® KeyLocker UI? | Yes | No |
Can use DigiCert® KeyLocker clients? | Yes | Yes |
Can perform cryptographic actions? | Yes | Yes |
Can manage own credentials? | Yes | No |
Who is this user? | A person | An alias and associated email for alerts. Generally used for automation of workflows on a machine such as a build server. |
Note
Only System users can onboard or provision accounts.
This article outlines account user permissions, which may be useful if you are creating a custom user role. Alternatively, refer to user roles for a list of preconfigured user roles that allow you to assign permission sets to new and existing users.
Tip
The permission descriptions below assume that the Teams feature is not enabled on your account. If teams are enabled on your account, refer to Teams permissions for more information.
General permissions
Permission | User can |
---|---|
Manage CertCentral API key | Delete, disable, enable, set up, update, and validate a CertCentral API key. |
Certificate permissions
Permission | User can |
---|---|
View certificate | View certificate details for all certificates assigned to them. Note: Users with |
Revoke certificate | Revoke certificates associated with keypairs that they are assigned to. Note: Users with |
Keypair permissions
Permission | User can |
---|---|
View keypair | View keypair details in the account. |
Manage keypair | Update the keypair alias. |
Sign | Sign software with keypairs assigned to them. |