
Account user permissions

The purpose of an account user is generally to perform cryptographic actions and sign.

There are two categories of account users. Below is a comparison between the users and service users:

| | User | Service user |
|---|---|---|
| Can access DigiCert® Software Trust Manager UI? | Yes | No |
| Can use DigiCert® Software Trust Manager clients? | Yes | Yes |
| Can perform cryptographic actions? | Yes | Yes |
| Can manage own credentials? | Yes | No |
| Who is this user? | A person | An alias and associated email for alerts. Generally used for automation of workflows on a machine such as a build server. |

Note

Only System users can onboard or provision accounts.

General permissions

Permission

Description

Manage account settings

User can update DigiCert® Software Trust Manager > Accounts > Account settings.

Manage CertCentral API key

User can delete, disable, enable, set up, update, and validate a CertCentral API key.

Manage my teams

User can view, update, deactivate, and map resources to existing teams that they are part of.

Manage all teams

User can:

  • Create new teams.

  • View, update, deactivate, delete, and map resources to existing teams.

View license

User can view licenses for the account.

View audit log

User can view audit and signature logs in the account.

Export audit logs

User can export audit logs in the account.

Note

View audit log is required as an additional permission to be able to export audit logs.

View signatures

User can view signature logs in the account.

Certificate permissions

Permission

Description

View certificate

User can view certificate details in the account.

Generate certificate

User can create a new certificate.

Note

The View certificate and View keypair permissions are required as additional permissions to be able to generate a certificate.

Import certificate

User can import certificates into the account.

Note

The View certificate and View keypair permissions are required as additional permissions to be able to import a certificate.

Revoke certificate

User can revoke certificates in the account.

Note

View certificate permission is required as an additional permission to be able to revoke a certificate.

Manage certificate hierarchy

User can create, update, approve, reject, suspend, unsuspend, and view certificate hierarchies.

Note

View certificate permission is required as an additional permission to be able to manage certificate hierarchies.

View certificate profile

User can view certificate profile details in the account.

Note

View certificate profile is required as an additional permission to manage certificate profiles.

Manage certificate profiles

User can:

  • Create, update, enable, disable, and delete certificate profiles.

  • Update and delete certificates.

View certificate template

User can view certificate template details in the account.

Keypair permissions

Permission

Description

View keypair

User can view keypair details in the account.

Generate keypair

User can create a new keypair.

Note

View keypair is required as an additional permission to generate a keypair.

Import keypair

User can import keypairs into the account.

Note

View keypair is required as an additional permission to import a keypair.

Request keypair export

User can request to export keypairs.

Note

View keypair is required as an additional permission to request a keypair export.

Approve keypair export

User can approve requests to export keypairs.

Note

View keypair is required as an additional permission to approve a keypair export.

Approve keypair delete

User can approve requests to delete keypairs.

Note

View keypair is required as an additional permission to delete a keypair.

Manage keypair

User can:

  • Update, suspend or unsuspend keypairs.

  • Create, update, enable, and disable keypair profiles.

  • Create and update user groups.

  • Create, update, and refresh key rotation.

  • Generate a CSR.

Note

View keypair is required as an additional permission to manage keypairs.

Sign

User can sign.

Note

  • View keypair is required as an additional permission to sign by referencing the keypair in your command when it has a default certificate.

  • View certificate is required as an additional permission to sign by referencing the certificate in your command.

Manage master keypair

User can:

  • Create a GPG master key.

  • Update, import, delete, generate, revoke, suspend, unsuspend a master key.

  • Sign and create subkeys.

Note

View keypair is required as an additional permission to manage GPG keys.

Release permissions

Permission

Description

View release windows

User can view releases in the account.

Request release

User can request to create an offline release.

Note

View release windows is required as an additional permission to request an offline release.

Approve release window

User can approve requests to create offline releases.

Note

View release windows is required as an additional permission to approve or create an offline release.

Threat detection

Permission

Description

View Threat detection

User can view threat detection scans in the account.

Run Threat detection scans

User can run scans on software using Threat detection.

Manage threat detection

User can download threat detection reports and assign threat detection reports to projects.
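
The Notes on this page say that many permissions only take effect alongside a View permission. The following added example (not DigiCert code, and not calling any DigiCert API) audits a set of granted permissions against those Notes and computes the smallest grant set for a desired capability. Permission names are copied from this page; the role contents are constructed, and treating Sign as usable when at least one of its two View prerequisites is present is an interpretation of the Sign note.

```python
# Added example: audit grants against the prerequisite Notes on this page.
# Permission names come from the page; sample grants are constructed.
REQUIRES = {
    "Export audit logs": {"View audit log"},
    "Generate certificate": {"View certificate", "View keypair"},
    "Import certificate": {"View certificate", "View keypair"},
    "Revoke certificate": {"View certificate"},
    "Manage certificate hierarchy": {"View certificate"},
    "Manage certificate profiles": {"View certificate profile"},
    "Request release": {"View release windows"},
    "Approve release window": {"View release windows"},
}
REQUIRES.update({p: {"View keypair"} for p in (
    "Generate keypair", "Import keypair", "Request keypair export",
    "Approve keypair export", "Approve keypair delete",
    "Manage keypair", "Manage master keypair")})
# Sign is conditional: the View permission needed depends on whether the
# signing command references the keypair or the certificate (assumed any-of).
SIGN_MODES = {"keypair": "View keypair", "certificate": "View certificate"}

def audit(granted):
    """Return (missing, sign_modes): unmet prerequisites for each granted
    permission, and the signing reference modes the grant set supports."""
    granted = set(granted)
    missing = {p: sorted(REQUIRES[p] - granted) for p in sorted(granted)
               if p in REQUIRES and REQUIRES[p] - granted}
    modes = [m for m, v in SIGN_MODES.items() if v in granted] if "Sign" in granted else []
    if "Sign" in granted and not modes:
        missing["Sign"] = sorted(SIGN_MODES.values())
    return missing, modes

def minimal_grant(wanted, sign_by="keypair"):
    """Smallest grant set that makes every wanted permission usable."""
    grant = set(wanted)
    for p in wanted:
        grant |= REQUIRES.get(p, set())
    if "Sign" in grant:
        grant.add(SIGN_MODES[sign_by])
    return sorted(grant)

if __name__ == "__main__":
    # Constructed grants for a hypothetical build-server service user.
    print(audit({"Sign"}))
    print(audit({"Sign", "View keypair", "Generate certificate"}))
    print(minimal_grant({"Sign", "Export audit logs"}, sign_by="certificate"))
```

A grant that appears in `missing` is held but unusable, which is worth cleaning up during access reviews because it obscures what a user can actually do.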