Skip to main content

System scope (SS) user permissions

System users are usually a DigiCert employee, unless your instance of DigiCert ONE is self-host. System users have access to the DigiCert​​®​​ Software Trust Manager UI and are responsible for:

  • Onboarding accounts

  • Account provisioning

  • Providing account support

The permissions outlined in this article also apply to service scope system users. However, service scope system users:

  • Do not have access to the DigiCert​​®​​ Software Trust Manager UI.

  • Are only identified by an alias and associated by an email address for alerts.

  • Are responsible for automation of workflows on a machine like a build server.

Note

System users cannot perform cryptographic actions and sign. Also see Account user permissions .

Permission

User can

Notes

Manage CertCentral API key

Delete, disable, enable, setup, update and validate a CertCentral API key.

View audit log

View audit and signature logs in the account.

Export audit logs

Export audit and signature logs in the account.

View audit log is required as an additional permission to export audit logs.

View health

View app health (API).

Permission

User can

Notes

View certificate

View certificate details in the account.

Manage certificate hierarchy

Create, update, approve, reject, suspend, unsuspend, and view certificate hierarchies.

View certificate permission is required as an additional permission to manage certificate hierarchy.

View certificate template

View certificate template details in the account.

Manage certificate template

Create, update, and clone certificate templates.

View certificate template is required as an additional permission to manage certificate templates.

View certificate profile

View certificate profile details in the account.

Manage certificate profiles

  • Create, update, enable, disable, and delete certificate profiles.

  • Update and delete certificates.

View certificate profile is required as an additional permission to manage certificate profiles.

Permission

User can

Notes

View keypair

View keypair details in the account.

Import keypair

Import keypairs into the account.

View keypair is required as an additional permission to import keypairs.

Manage keypair

  • Update, suspend or unsuspend keypairs.

  • Create, update, enable, and disable keypair profiles.

  • Create and update user groups.

  • Create, update, and refresh key rotation.

  • Generate a CSR

View keypair is required as an additional permission to manage keypairs.

Permission

User can

View release

View releases in the account.