Lead (AS)
The DigiCert® Software Trust Manager Lead is the highest account scope (AS) role. Assign this role to users responsible for managing cryptographic assets, enforcing policies, monitoring compliance for users in the account.
Permissions
The Software Trust Manager Lead role has the following permissions assigned:
Category | Permission | User can | Notes |
---|---|---|---|
User settings | Default | View their own user profile and generate their own API key and client authentication certificate in DigiCert ONE. | |
Account settings | Manage account settings | Update Software Trust Manager > Accounts > Account settings. | |
Manage CertCentral API key | Delete, disable, enable, setup, update and validate a CertCentral API key. | ||
Teams | Manage all teams |
| |
Audit logs | View audit log | View audit and signature logs in the account. | |
Export audit logs | Export audit and signature logs in the account. |
| |
Certificates | Manage certificate hierarchy | View and create hierarchies. They can also activate and deactivate restricted hierarchies. | |
Manage certificate profiles |
| ||
View certificate profile | View certificate profiles created by the user. | ||
View certificate template | View certificate template details in the account. | ||
Generate certificate | Create a new certificate using keypairs that they are assigned to. | Users with | |
Import certificate | Import certificates for keypairs that they are assigned to. | Users with | |
Revoke certificate | Revoke certificates associated with keypairs that they are assigned to. | Users with | |
View certificate | View certificate details for all certificates assigned to them. | Users with | |
Keypairs | Request keypair export | Request to export keypairs that they are assigned to. | Users with |
Approve keypair export | Approve requests to export keypairs that they are assigned to. | Users with | |
Approve keypair delete | Approve requests to delete keypairs that they are assigned to. | Users with | |
Import keypair | Import keypairs into the account. | To import a GPG secring, | |
Generate keypair | Create a new keypair. | ||
View keypair | View keypairs and key rotations relying on keypairs assigned to them. | Users with | |
Manage keypair |
| ||
Manage master GPG key |
| Users with Users with Users with | |
Signatures | Sign | Sign software with keypairs assigned to them. | |
Releases | View release | View all releases in the account. | |
Request release | Request to create an offline release. | ||
Approve release | Create a release and approve or reject requests to create offline releases. | ||
Threat detection | Manage threat detection | Download threat detection reports and assign threat detection scans to projects. |