Skip to main content

Software Trust Manager user roles

Assign one or more roles to a Software Trust Manager user when you add or update the user.

For DigiCert ONE cloud customers, these roles are available in your account.

The DigiCert​​®​​ Software Trust Manager Lead is the highest account scope (AS) role. Assign this role to users responsible for managing cryptographic assets, enforcing policies, monitoring compliance for users in the account.

Category

Permission

User can

Notes

User settings

Default

View their own user profile and generate their own API key and client authentication certificate in DigiCert ONE.

Account settings

Manage account settings

Update Software Trust Manager > Accounts > Account settings.

Manage CertCentral API key

Delete, disable, enable, setup, update and validate a CertCentral API key.

Teams

Manage all teams

  • Create teams.

  • View, update, deactivate, delete, and assign resources to all teams within the account, provided that they have relevant resource permissions.

Audit logs

View audit log

View audit and signature logs in the account.

Export audit logs

Export audit and signature logs in the account.

View audit log is required as an additional permission to be able to export audit logs.

Certificates

Manage certificate hierarchy

View and create hierarchies. They can also activate and deactivate restricted hierarchies.

Manage certificate profiles

  • View, create, update, clone, enable, and disable certificate profiles that are created by the user.

  • View, update, and delete all certificates associated with a certificate profile that the user created.

View certificate profile

View certificate profiles created by the user.

View certificate template

View certificate template details in the account.

Generate certificate

Create a new certificate using keypairs that they are assigned to.

Users with Manage keypair permission can create a new certificate using any keypair within the account.

Import certificate

Import certificates for keypairs that they are assigned to.

Users with Manage keypair permission can import a certificate to any keypair within the account.

Revoke certificate

Revoke certificates associated with keypairs that they are assigned to.

Users with Manage keypair permission can revoke certificates associated to any keypair within the account.

View certificate

View certificate details for all certificates assigned to them.

Users with Manage keypair permission can view all certificates within the account.

Keypairs

Request keypair export

Request to export keypairs that they are assigned to.

Users with Manage keypair permission can request to export any keypair within the account.

Approve keypair export

Approve requests to export keypairs that they are assigned to.

Users with Manage keypair permission can approve keypair exports for any keypair within the account.

Approve keypair delete

Approve requests to delete keypairs that they are assigned to.

Users with Manage keypair permission can approve keypair delete for any keypair within the account.

Import keypair

Import keypairs into the account.

To import a GPG secring, Manage master key is also required.

Generate keypair

Create a new keypair.

View keypair

View keypairs and key rotations relying on keypairs assigned to them.

Users with Manage keypair permission can view all keypairs and key rotations within the account.

Manage keypair

  • Update, suspend or unsuspend keypairs.

  • Create, update, enable, and disable keypair profiles.

  • Create and update user groups.

  • Create, update, and refresh key rotation.

  • Generate a CSR.

Manage master GPG key

  • Create GPG master key, provided that the user also has Generate keypair permission.

  • Import a GPG secring, provided that the user also has Import keypair permission.

  • Update, suspend, unsuspend master keys that they are assigned to.

  • Delete master keys assigned to them, provided that the user also has Approve keypair delete permission.

  • Revoke master keys assigned to them, provided that the user also has Revoke certificate permission.

Users with Manage keypair permission can update, suspend, unsuspend any master keys within the account.

Users with Manage keypair permission can delete any master key within the account.

Users with Manage keypair permission can revoke any master key within the account.

Signatures

Sign

Sign software with keypairs assigned to them.

Releases

View release

View all releases in the account.

Request release

Request to create an offline release.

Approve release

Create a release and approve or reject requests to create offline releases.

Threat detection

Manage threat detection

Download threat detection reports and assign threat detection scans to projects.

The DigiCert​​®​​ Software Trust Manager Team Lead is an account scope (AS) role for managing developers and engineering teams responsible for signing and releasing software.

Category

Permission

Description

Notes

User settings

Default

View their own user profile and generate their own API key and client authentication certificate in DigiCert ONE.

Teams

Manage my teams

View, update, deactivate, and map resources to existing teams that they are part of, provided that they have relevant resource permissions.

Audit logs

View audit log

View audit and signature logs in the account.

Export audit logs

Export audit and signature logs in the account.

View audit log is required as an additional permission to be able to export audit logs.

Certificates

Manage certificate hierarchy

View and create hierarchies. They can also activate and deactivate restricted hierarchies.

View certificate profile

View certificate profiles created by the user.

View certificate template

View certificate template details in the account.

Import certificate

Import certificates for keypairs that they are assigned to.

Users with Manage keypair permission can import a certificate to any keypair within the account.

Revoke certificate

Revoke certificates associated with keypairs that they are assigned to.

Users with Manage keypair permission can revoke certificates associated to any keypair within the account.

Generate certificate

Create a new certificate using keypairs that they are assigned to.

Users with Manage keypair permission can create a new certificate using any keypair within the account.

View certificate

View certificate details for all certificates assigned to them.

Users with Manage keypair permission can view all certificates within the account.

Keypairs

Import keypair

Import keypairs into the account.

To import a GPG secring, Manage master key is also required.

Request keypair export

Request to export keypairs that they are assigned to.

Users with Manage keypair permission can request to export any keypair within the account.

Approve keypair export

Approve requests to export keypairs that they are assigned to.

Users with Manage keypair permission can approve keypair exports for any keypair within the account.

Approve keypair delete

Approve requests to delete keypairs that they are assigned to.

Users with Manage keypair permission can approve keypair delete for any keypair within the account.

Generate keypair

Create a new keypair.

View keypair

View keypairs and key rotations relying on keypairs assigned to them.

Users with Manage keypair permission can view all keypairs and key rotations within the account.

Manage keypair

  • Update, suspend or unsuspend keypairs.

  • Create, update, enable, and disable keypair profiles.

  • Create and update user groups.

  • Create, update, and refresh key rotation.

  • Generate a CSR.

Manage master GPG key

  • Create GPG master key, provided that the user also has Generate keypair permission.

  • Import a GPG secring, provided that the user also has Import keypair permission.

  • Update, suspend, unsuspend master keys that they are assigned to.

  • Delete master keys assigned to them, provided that the user also has Approve keypair delete permission.

  • Revoke master keys assigned to them, provided that the user also has Revoke certificate permission.

Users with Manage keypair permission can update, suspend, unsuspend any master keys within the account.

Users with Manage keypair permission can delete any master key within the account.

Users with Manage keypair permission can revoke any master key within the account.

Signatures

Sign

Sign software with keypairs assigned to them.

Releases

View release

View all releases in the account.

Request release

Request to create an offline release.

Approve release

Create a release and approve or reject requests to create offline releases.

Threat detection

Manage threat detection

Download threat detection reports and assign threat detection scans to projects.

The DigiCert​​®​​ Software Trust Manager Build engineer is an account scope (AS) role for users responsible for signing and scanning software using threat detection.

Category

Permission

User can

Notes

User settings

Default

View their own user profile and generate their own API key and client authentication certificate in DigiCert ONE.

Audit logs

View audit log

View audit and signature logs in the account.

Certificates

View certificate profile

View certificate profiles created by the user.

View certificate template

View certificate template details in the account.

View certificate

View certificate details for all certificates assigned to them.

Users with Manage keypair permission can view all certificates within the account.

Keypairs

View keypair

View keypairs and key rotations relying on keypairs assigned to them.

Users with Manage keypair permission can view all keypairs and key rotations within the account.

Signatures

Sign

Sign software with keypairs assigned to them.

Releases

View release

View all releases in the account.

Threat detection

View Threat detection

View all threat detection scans in the account.

Manage threat detection

Download threat detection reports and assign threat detection scans to projects.

Run Threat detection scans

Scan software using Threat detection.

The DigiCert​​®​​ Software Trust Manager Developer is an account scope (AS) role for users responsible for signing, managing assets related to signing, and releasing software.

Category

Permission

User can

Notes

User settings

Default

View their own user profile and generate their own API key and client authentication certificate in DigiCert ONE.

Audit logs

View audit log

View audit and signature logs in the account.

Certificates

View certificate profile

View certificate profiles created by the user.

View certificate template

View certificate template details in the account.

Generate certificate

Create a new certificate using keypairs that they are assigned to.

Users with Manage keypair permission can create a new certificate using any keypair within the account.

View certificate

View certificate details for all certificates assigned to them.

Users with Manage keypair permission can view all certificates within the account.

Keypairs

Generate keypair

Create a new keypair.

View keypair

View keypairs and key rotations relying on keypairs assigned to them.

Users with Manage keypair permission can view all keypairs and key rotations within the account.

Signatures

Sign

Sign software with keypairs assigned to them.

Releases

Request release

Request to create an offline release.

View release

View all releases in the account.

Threat detection

View Threat detection

View all threat detection scans in the account.

The DigiCert​​®​​ Software Trust Manager Signer is an account scope (AS) role for engineers or authenticated devices responsible for signing software.

Category

Permission

User can

Notes

User settings

Default

View their own user profile and generate their own API key and client authentication certificate in DigiCert ONE.

Audit logs

View audit log

View audit and signature logs in the account.

Certificates

View certificate profile

View certificate profiles created by the user.

View certificate template

View certificate template details in the account.

View certificate

View certificate details for all certificates assigned to them.

Users with Manage keypair permission can view all certificates within the account.

Keypair

View keypair

View keypairs and key rotations relying on keypairs assigned to them.

Users with Manage keypair permission can view all keypairs and key rotations within the account.

Signatures

Sign

Sign software with keypairs assigned to them.

Releases

View release

View all releases in the account.

For customers with DigiCert ONE installed on-premises, these roles are available for system administration.

DigiCert​​®​​ Software Trust Manager Admin is a system scope (SS) role for users responsible for day-to-day account configuration and enabling Software Trust Manager.

Category

Permission

User can

User settings

View user

View their own user profile and generate their own API key and client authentication certificate in DigiCert ONE.

Account settings

Manage CertCentral API key

Delete, disable, enable, setup, update and validate a CertCentral API key.

View health

View app health (API).

Audit logs

View audit log

View audit and signature logs in the account.

Export audit logs

Export audit and signature logs in the account.

注記

View audit log is required as an additional permission to export audit logs.

Certificates

Manage certificate hierarchy

Create, update, approve, reject, suspend, unsuspend, and view certificate hierarchies.

注記

View certificate permission is required as an additional permission to manage certificate hierarchy.

Manage certificate profiles

  • Create, update, enable, disable, and delete certificate profiles.

  • Update and delete certificates.

注記

View certificate profile is required as an additional permission to manage certificate profiles.

Manage certificate profiles

  • Create, update, enable, disable, and delete certificate profiles.

  • Update and delete certificates.

注記

View certificate profile is required as an additional permission to manage certificate profiles.

Manage certificate template

Create, update, and clone certificate templates.

注記

View certificate template is required as an additional permission to manage certificate templates.

View certificate

View certificate details in the account.

Keypairs

Manage keypair

  • Update, suspend or unsuspend keypairs.

  • Create, update, enable, and disable keypair profiles.

  • Create and update user groups.

  • Create, update, and refresh key rotation.

  • Generate a CSR

注記

View keypair is required as an additional permission to manage keypairs.

View keypair

View keypair details in the account.

Releases

View release

View releases in the account.

DigiCert​​®​​ Software Trust Manager Support is a system scope (SS) role for support teams responsible for assisting users with account setup and signing.

Category

Permission

User can

User settings

Default

View their own user profile and generate their own API key and client authentication certificate in DigiCert ONE.

Account settings

View health

View app health (API).

Audit logs

View audit log

View audit and signature logs in the account.

Export audit logs

Export audit and signature logs in the account.

注記

View audit log is required as an additional permission to export audit logs.

Certificates

View certificate profile

View certificate profile details in the account.

View certificate template

View certificate template details in the account.

View certificate

View certificate details in the account.

Keypairs

View keypair

View keypair details in the account.

Releases

View release

View releases in the account.

DigiCert​​®​​ Software Trust Manager System auditor is a system scope (SS) role for monitoring systems and applications for adherence to policies and compliance.

Category

Permission

User can

User settings

Default

View their own user profile and generate their own API key and client authentication certificate in DigiCert ONE.

Account settings

View health

View app health (API).

Audit logs

View audit log

View audit and signature logs in the account.

Export audit logs

Export audit and signature logs in the account.

注記

View audit log is required as an additional permission to export audit logs.

Certificates

View certificate

View certificate details in the account.

Keypairs

View keypair

View keypair details in the account.

Releases

View release

View releases in the account.