Skip to main content

Account scope (AS) user permissions

The purpose of an account user is generally to perform cryptographic actions and sign.

There are two categories of account users. Below is a comparison between the users and service users:

User

Service user

Can access DigiCert​​®​​ KeyLocker UI?

Yes

No

Can use DigiCert​​®​​ KeyLocker clients?

Yes

Yes

Can perform cryptographic actions?

Yes

Yes

Can manage own credentials?

Yes

No

Who is this user?

A person

An alias and associated email for alerts. Generally used for automation of workflows on a machine such as a build server.

Note

Only System users can onboard or provision accounts.

The following article outlines account user permissions which may be useful if you are creating a custom user role. Alternatively, refer to user roles for a list of preconfigured user roles that allow you to assign permission sets to new and existing users.

Permission

User can

Notes

Manage CertCentral API key

Delete, disable, enable, setup, update and validate a CertCentral API key.

Permission

User can

Notes

View certificate

View certificate details for all certificates assigned to them.

Users with Manage keypair permission can view all certificates within the account.

Revoke certificate

Revoke certificates associated with keypairs that they are assigned to.

Users with Manage keypair permission can revoke certificates associated to any keypair within the account.

Permission

User can

Notes

View keypair

View keypair details in the account.

Manage keypair

Update the keypair alias.

Sign

Sign software with keypairs assigned to them.