Skip to main content

User roles

User roles help you manage access permissions for both regular and service users.

Each user role includes a functional group of access permissions needed for an overall workflow or job responsibility in DigiCert​​®​​ Trust Lifecycle Manager. Rather than assign access permissions individually, you assign a user role that includes all the access permissions the user needs.

DigiCert​​®​​ Trust Lifecycle Manager provides predefined user roles for common work responsibilities, or you can define your own custom user roles.

Predefined user roles

By default, Account Manager provides the below predefined user roles that you can assign to your regular and service users who need access to DigiCert​​®​​ Trust Lifecycle Manager.

Available user roles depend on whether the user is set up to access a specific account only (account scope) or all accounts (system scope).

Account scope

User role


SSP Manager

Configure the self-service portal.

View only

Read-only access to account data.

Infrastructure admin

View and manage client tools.

Reporting admin

View and manage reports.


Manage account setup (including business units, connectors, and seats), inventory (including certificate profiles, enrollments, and certificates), and reports/logs.

Recovery manager

Recover escrowed certificates.

Import manager

Import certificates from external CAs.

User and certificate manager

Manage seats, enrollments, certificates, and reports.

Certificate profile manager

Manage certificate profiles.

CMDB Integration Config Manager

Add and manage ServiceNow CMDB connectors.

System scope (on-premises installations)

User role


Technical support

Read-only access to account data for technical support purposes.

Read only

Read-only access to user and account setup data.

TLM admin

Superadmin responsible for managing users, accounts, and workflows.


Select any user role by name in Account Manager to see the specific list of access permissions it includes.

Custom user roles

Create custom user roles in DigiCert® Account Manager to define your own functional groups of access permissions.

Give each custom user role a name and select which specific account it applies to (account scope) and which individual access permissions it includes. You can then assign the custom user role to both regular and service users.

To learn more, see Create a custom user role.