Account user permissions
The purpose of an account user is generally to perform cryptographic actions and sign.
There are two categories of account users. Below is a comparison between the users and service users:
User | Service user | |
|---|---|---|
Can access DigiCert® Software Trust Manager UI? | Yes | No |
Can use DigiCert® Software Trust Manager clients? | Yes | Yes |
Can perform cryptographic actions? | Yes | Yes |
Can manage own credentials? | Yes | No |
Who is this user? | A person | An alias and associated email for alerts. Generally used for automation of workflows on a machine such as a build server. |
Opmerking
Only System users can onboard or provision accounts.
The following article outlines account user permissions which may be useful if you are creating a custom user role. Alternatively, refer to user roles for a list of preconfigured user roles that allow you to assign permission sets to new and existing users.
Tip
The permission descriptions below assume that the Teams feature is not enabled on your account. If teams are enabled on your account, refer to Teams permissions for more information.
General permissions
Permission | Description |
|---|---|
Manage account settings | User can update DigiCert® Software Trust Manager > Accounts > Account settings. |
Manage CertCentral API key | User can delete, disable, enable, setup, update and validate a CertCentral API key. |
Manage all teams | User can:
|
Manage my teams | User can view, update, deactivate, and map resources to existing teams that they are part of, provided that they have relevant resource permissions. |
View audit log | User can view audit and signature logs in the account. |
Export audit logs | User can export audit and signature logs in the account. Opmerking |
Certificate permissions
Permission | Description |
|---|---|
View certificate | User can view certificate details for all certificates assigned to them. Opmerking Users with |
Generate certificate | User can create a new certificate using keypairs that they are assigned to. Opmerking Users with |
Import certificate | User can import certificates for keypairs that they are assigned to. Opmerking Users with |
Revoke certificate | User can revoke certificates associated with keypairs that they are assigned to. Opmerking Users with |
Manage certificate hierarchy | User can view and create hierarchies. They can also activate and deactivate restricted hierarchies. |
View certificate profile | User can view certificate profiles created by the user. |
Manage certificate profiles | User can:
|
View certificate template | User can view certificate template details in the account. |
Keypair permissions
Permission | Description |
|---|---|
View keypair | User can view keypairs and key rotations relying on keypairs assigned to them. Opmerking Users with |
Generate keypair | User can create a new keypair. |
Import keypair | User can import keypairs into the account. Opmerking To import a GPG secring, |
Request keypair export | User can request to export keypairs that they are assigned to. Opmerking Users with |
Approve keypair export | User can approve requests to export keypairs that they are assigned to. Opmerking Users with |
Approve keypair delete | User can approve requests to delete keypairs that they are assigned to. Opmerking Users with |
Manage keypair | User can:
|
Sign | User can sign with keypairs assigned to them. |
Manage master GPG key | User can:
|
Release permissions
Permission | Description |
|---|---|
View release | User can view all releases in the account. |
Request release | User can create a release. |
Approve release | User can create a release and approve and reject requests to create offline releases. |
Threat detection
Permission | Description |
|---|---|
View Threat detection | User can view all threat detection scans in the account. |
Run Threat detection scans | User can run scans using Threat detection. |
Manage threat detection | User can download threat detection reports and assign threat detection scans to projects. |