Account user permissions
The purpose of an account user is generally to perform cryptographic actions and sign.
There are two categories of account users. Below is a comparison between the users and service users:
User | Service user | |
---|---|---|
Can access DigiCert® Software Trust Manager UI? | Yes | No |
Can use DigiCert® Software Trust Manager clients? | Yes | Yes |
Can perform cryptographic actions? | Yes | Yes |
Can manage own credentials? | Yes | No |
Who is this user? | A person | An alias and associated email for alerts. Generally used for automation of workflows on a machine such as a build server. |
Nota
Only System users can onboard or provision accounts.
General permissions
Permission | Description |
---|---|
Manage account settings | User can update DigiCert® Software Trust Manager > Accounts > Account settings. |
Manage CertCentral API key | User can delete, disable, enable, setup, update and validate a CertCentral API key. |
Manage my teams | User can view, update, deactivate, and map resources to existing teams that they are part of. |
Manage all teams | User can:
|
View license | User can view licenses for the account. |
View audit log | User can view audit and signature logs in the account. |
Export audit logs | User can export audit logs in the account. Nota |
View signatures | User can view signature logs in the account. |
Certificate permissions
Permission | Description |
---|---|
View certificate | User can view certificate details in the account. |
Generate certificate | User can create a new certificate. Nota |
Import certificate | User can import certificates into the account. Nota |
Revoke certificate | User can revoke certificates in the account. Nota |
Manage certificate hierarchy | User can create, update, approve, reject, suspend, unsuspend, and view certificate hierarchies. Nota |
View certificate profile | User can view certificate profile details in the account. Nota |
Manage certificate profiles | User can:
|
View certificate template | User can view certificate template details in the account. |
Keypair permissions
Permission | Description |
---|---|
View keypair | User can view keypair details in the account. |
Generate keypair | User can create a new keypair. Nota |
Import keypair | User can import keypairs into the account. Nota |
Request keypair export | User can request to export keypairs. Nota |
Approve keypair export | User can approve requests to export keypairs. Nota |
Approve keypair delete | User can approve requests to delete keypairs. Nota |
Manage keypair | User can:
Nota |
Sign | User can sign. Nota
|
Manage master keypair | User can:
Nota |
Release permissions
Permission | Description |
---|---|
View release windows | User can view releases in the account. |
Request release | User can request to create an offline release. Nota |
Approve release window | User can approve requests to create offline releases. Nota |
Threat detection
Permission | Description |
---|---|
View Threat detection | User can view threat detection scans in the account. |
Run Threat detection scans | User can run scans on software using Threat detection. |
Manage threat detection | User can download threat detection reports and assign threat detection reports to projects. |