Roles and account access

Account administrators do not assign individual permissions to a user. Instead, they assign each user a role. The role assigned to the user determines which account features they can access.

Administrator
(unrestricted) 		Full CertCentral account access with these permissions:
  • Access and manage Discovery.
  • Manage divisions (create and edit) and account users (create, delete, and edit).
  • Manage organizations (add new organizations), domains (add or deactivate), guest requests, and API access.
  • View all certificate requests and certificate orders, request certificates, approve certificate requests, and run order reports.
  • Manage account finance settings and finances (view balance history, run spending reports, deposit funds, and more).
  • Manage account settings (authentication settings, IP access restrictions, product restrictions, and more), audit settings, and audit logs.
Administrator
(restricted) 		Full access to the divisions they are assigned to and these permissions:
  • Access and manage Discovery.
  • Manage their divisions.
  • Manage their division users (create, delete, and edit).
  • View domains assigned to their divisions and manage guest requests and API access.
  • View their division certificate requests and certificate orders, request certificates, approve certificate requests, and run order reports.
  • Manage their division finances (view balance history, run spending reports, deposit funds, and more).
Administrators
(all) 		By default, they do not have permissions to approve EV Certificate, EV Code Signing Certificate, or Code Signing Certificate requests. To approve these types of requests, the administrator must be assigned the appropriate subroles.
Standard User
(unrestricted) 		Account users with these permissions:
  • Request certificates.
  • Monitor certificate requests and orders (their own and others).
  • A manager or administrator must approve changes.
Standard User
(restricted) 		Limited division user with these permissions:
  • Request certificates only for the divisions to which they are assigned.
  • Monitor certificate requests and orders (their own and others) for the divisions to which they are assigned.
  • A manager or administrator must approve changes.
Limited User
(unrestricted)
You can remove permission from the Standard user role to create a second user role: Limited User.
(Standard User + Limit to placing and managing their own orders) 		Account users with these permissions:
  • Request certificates.
  • Monitor their own certificate requests and orders.
  • A manager or administrator must approve changes.
Limited User
(restricted) 		Division users with these permissions:
  • Request certificates only for the divisions to which they are assigned.
  • Monitor their own certificate requests and orders.
  • A manager or administrator must approve changes.
Finance Manager
(unrestricted) 		Limited account users whose primary role is to manage account finances. Includes these permissions:
  • View balance history, spending reports, and account pricing.
  • Manage purchase orders and deposit funds.
  • Manage order reports.
  • Request certificates.
  • Monitor their own certificate requests and orders.
Finance Manager
(restricted) 		Limited division users whose primary role is to manage their division finances. Includes these permissions:
  • View their division’s balance history, spending reports, and account pricing.
  • Manage their division’s purchase orders and deposit funds.
  • Manage their division’s order reports.
  • Request certificates for the divisions to which they are assigned.
  • Monitor their own certificate requests and orders.
Manager
(unrestricted) 		Limited account users whose primary role is to help manage the account. Includes these permissions:
  • Access and manage Discovery.
  • View divisions and manage account users (edit).
  • View organizations and manage domains (add or deactivate).
  • View all certificate requests and certificate orders, request certificates, approve certificate requests, and run order reports.
  • Manage account finance settings and finances (view balance history, run spending reports, deposit funds, and more).
  • Manage audit settings and audit logs.
Manager
(restricted) 		Limited division users whose primary role is to help manage their divisions. Includes these permissions:
  • Access and manage Discovery.
  • View divisions and manage account users (edit).
  • View their division’s certificate requests and certificate orders, request certificates, approve certificate requests, and run order reports.
  • Manage division finances (view balance history, run spending reports, deposit funds, and more).
Manager
(all) 		By default, they do not have permissions to approve EV Certificate, EV Code Signing Certificate, or Code Signing Certificate requests. To approve these types of requests, the manager must be assigned the appropriate subroles.

About

DigiCert is the world's leading provider of scalable TLS/SSL, IoT and PKI solutions for identity and encryption. The most innovative companies, including 89% of the Fortune 500 and 97 of the 100 top global banks, choose DigiCert for its expertise in identity and encryption for web servers and Internet of Things devices. DigiCert supports TLS and other digital certificates for PKI deployments at any scale through its certificate lifecycle management solution, CertCentral®. The company is recognized for its enterprise-grade certificate management platform, fast and knowledgeable customer support, and market-leading security solutions. For the latest DigiCert news and updates, visit digicert.com or follow @digicert.

©2020 DigiCert, Inc. All rights reserved. DigiCert, its logo and CertCentral are registered trademarks of DigiCert, Inc. Norton and the Checkmark Logo are trademarks of NortonLifeLock Inc. used under license. Other names may be trademarks of their respective owners.