Skip to main content

System scope (SS) user permissions

System users are usually a DigiCert employee, unless your instance of DigiCert ONE is self-host. System users have access to the DigiCert​​®​​ Software Trust Manager UI and are responsible for:

  • Onboarding accounts

  • Account provisioning

  • Providing account support

The permissions outlined in this article also apply to service scope system users. However, service scope system users:

  • Do not have access to the DigiCert​​®​​ Software Trust Manager UI.

  • Are only identified by an alias and associated by an email address for alerts.

  • Are responsible for automation of workflows on a machine like a build server.

Nota

System users cannot perform cryptographic actions and sign. Also see Account user permissions .

General permissions

Permission

User can

Manage CertCentral API key

Delete, disable, enable, setup, update and validate a CertCentral API key.

View audit log

View audit and signature logs in the account.

Export audit logs

Export audit and signature logs in the account.

Nota

View audit log is required as an additional permission to to export audit logs.

View health

View app health (API).

Certificate permissions

Permission

User can

View certificate

View certificate details in the account.

Manage certificate hierarchy

Create, update, approve, reject, suspend, unsuspend, and view certificate hierarchies.

Nota

View certificate permission is required as an additional permission to manage certificate hierarchy.

View certificate template

View certificate template details in the account.

Manage certificate template

Create, update, and clone certificate templates.

Nota

View certificate template is required as an additional permission to manage certificate templates.

View certificate profile

View certificate profile details in the account.

Manage certificate profiles

  • Create, update, enable, disable, and delete certificate profiles.

  • Update and delete certificates.

Nota

View certificate profile is required as an additional permission to manage certificate profiles.

Keypair permissions

Permission

User can

View keypair

View keypair details in the account.

Import keypair

Import keypairs into the account.

Nota

View keypair is required as an additional permission to import keypairs.

Manage keypair

  • Update, suspend or unsuspend keypairs.

  • Create, update, enable, and disable keypair profiles.

  • Create and update user groups.

  • Create, update, and refresh key rotation.

  • Generate a CSR

Nota

View keypair is required as an additional permission to manage keypairs.

Release permissions

Permission

User can

View release

View releases in the account.