Account scope (AS) user permissions
The purpose of an account user is generally to perform cryptographic actions and sign.
There are two categories of account users. Below is a comparison between the users and service users:
User | Service user | |
---|---|---|
Can access DigiCert® Software Trust Manager UI? | Yes | No |
Can use DigiCert® Software Trust Manager clients? | Yes | Yes |
Can perform cryptographic actions? | Yes | Yes |
Can manage own credentials? | Yes | No |
Who is this user? | A person | An alias and associated email for alerts. Generally used for automation of workflows on a machine such as a build server. |
Note
Only System users can onboard or provision accounts.
The following article outlines account user permissions which may be useful if you are creating a custom user role. Alternatively, refer to user roles for a list of preconfigured user roles that allow you to assign permission sets to new and existing users.
Astuce
The permission descriptions below assume that the Teams feature is not enabled on your account. If teams are enabled on your account, refer to Teams permissions for more information.
General permissions
Permission | User can |
---|---|
Manage account settings | Update Software Trust Manager > Accounts > Account settings. |
Manage CertCentral API key | Delete, disable, enable, setup, update and validate a CertCentral API key. |
Manage all teams |
|
Manage my teams | View, update, deactivate, and map resources to existing teams that they are part of, provided that they have relevant resource permissions. |
View audit log | View audit and signature logs in the account. |
Export audit logs | Export audit and signature logs in the account. Note |
Certificate permissions
Permission | User can |
---|---|
View certificate | View certificate details for all certificates assigned to them. Note Users with |
Generate certificate | Create a new certificate using keypairs that they are assigned to. Note Users with |
Import certificate | Import certificates for keypairs that they are assigned to. Note Users with |
Revoke certificate | Revoke certificates associated with keypairs that they are assigned to. Note Users with |
Manage certificate hierarchy | View and create hierarchies. They can also activate and deactivate restricted hierarchies. |
View certificate profile | View certificate profiles created by the user. |
Manage certificate profiles |
|
View certificate template | View certificate template details in the account. |
Keypair permissions
Permission | User can |
---|---|
View keypair | View keypairs and key rotations relying on keypairs assigned to them. Note Users with |
Generate keypair | Create a new keypair. |
Import keypair | Import keypairs into the account. Note To import a GPG secring, |
Request keypair export | Request to export keypairs that they are assigned to. Note Users with |
Approve keypair export | Approve requests to export keypairs that they are assigned to. Note Users with |
Approve keypair delete | Approve requests to delete keypairs that they are assigned to. Note Users with |
Manage keypair |
|
Sign | Sign software with keypairs assigned to them. |
Manage master GPG key |
|
Release permissions
Permission | Description |
---|---|
View release | View all releases in the account. |
Request release | Request to create an offline release. |
Approve release | Create a release and approve or reject requests to create offline releases. |
Threat detection
Permission | Description |
---|---|
View Threat detection | View all threat detection scans in the account. |
Run Threat detection scans | Scan software using Threat detection. |
Manage threat detection | Download threat detection reports and assign threat detection scans to projects. |