Skip to main content

Roles and account access

Account administrators do not assign individual permissions to a user. Instead, they assign each user a role. The role assigned to the user determines which account features they can access.

Administrator

(unrestricted)

Full CertCentral account access with these permissions:

  • Access and manage Discovery.

  • Manage divisions (create and edit) and account users (create, delete, and edit).

  • Manage organizations (add new organizations), domains (add or deactivate), guest requests, and API access.

  • View all certificate requests and certificate orders, request certificates, approve certificate requests, and run order reports.

  • Manage account finance settings and finances (view balance history, run spending reports, deposit funds, and more).

  • Manage account settings (authentication settings, IP access restrictions, product restrictions, and more), audit settings, and audit logs.

Administrator

(restricted)

Full access to the divisions they are assigned to and these permissions:

  • Access and manage Discovery.

  • Manage their divisions.

  • Manage their division users (create, delete, and edit).

  • View domains assigned to their divisions and manage guest requests and API access.

  • View their division certificate requests and certificate orders, request certificates, approve certificate requests, and run order reports.

  • Manage their division finances (view balance history, run spending reports, deposit funds, and more).

Administrators

(all)

By default, they do not have permissions to approve EV Certificate, EV Code Signing Certificate, or Code Signing Certificate requests. To approve these types of requests, the administrator must be assigned the appropriate subroles.

Standard User

(unrestricted)

Account users with these permissions:

  • Request certificates.

  • Monitor certificate requests and orders (their own and others).

  • A manager or administrator must approve changes.

Standard User

(restricted)

Limited division user with these permissions:

  • Request certificates only for the divisions to which they are assigned.

  • Monitor certificate requests and orders (their own and others) for the divisions to which they are assigned.

  • A manager or administrator must approve changes.

Limited User

(unrestricted)

You can remove permission from the Standard user role to create a second user role: Limited User.

(Standard User + Limit to placing and managing their own orders)

Account users with these permissions:

  • Request certificates.

  • Monitor their own certificate requests and orders.

  • A manager or administrator must approve changes.

Limited User

(restricted)

Division users with these permissions:

  • Request certificates only for the divisions to which they are assigned.

  • Monitor their own certificate requests and orders.

  • A manager or administrator must approve changes.

Finance Manager

(unrestricted)

Limited account users whose primary role is to manage account finances. Includes these permissions:

  • View balance history, spending reports, and account pricing.

  • Manage purchase orders and deposit funds.

  • Manage order reports.

  • Request certificates.

  • Monitor their own certificate requests and orders.

Finance Manager

(restricted)

Limited division users whose primary role is to manage their division finances. Includes these permissions:

  • View their division’s balance history, spending reports, and account pricing.

  • Manage their division’s purchase orders and deposit funds.

  • Manage their division’s order reports.

  • Request certificates for the divisions to which they are assigned.

  • Monitor their own certificate requests and orders.

Manager

(unrestricted)

Limited account users whose primary role is to help manage the account. Includes these permissions:

  • Access and manage Discovery.

  • View divisions and manage account users (edit).

  • View organizations and manage domains (add or deactivate).

  • View all certificate requests and certificate orders, request certificates, approve certificate requests, and run order reports.

  • Manage account finance settings and finances (view balance history, run spending reports, deposit funds, and more).

  • Manage audit settings and audit logs.

Manager

(restricted)

Limited division users whose primary role is to help manage their divisions. Includes these permissions:

  • Access and manage Discovery.

  • View divisions and manage account users (edit).

  • View their division’s certificate requests and certificate orders, request certificates, approve certificate requests, and run order reports.

  • Manage division finances (view balance history, run spending reports, deposit funds, and more).

Manager

(all)

By default, they do not have permissions to approve EV Certificate, EV Code Signing Certificate, or Code Signing Certificate requests. To approve these types of requests, the manager must be assigned the appropriate subroles.