
User roles and permissions

DigiCert® Device Trust Manager uses Role-Based Access Control (RBAC) to ensure users have the appropriate permissions for their responsibilities within the platform. This model restricts or grants access based on a user’s assigned role, enabling a secure and organized structure for managing IoT devices.

Role assignment is managed in DigiCert® Account Manager by an Account Administrator. See Account Manager documentation for more detail about user creation and management.

Assign users to roles

Users are assigned to Device Trust Manager roles in DigiCert® Account Manager by someone with Account Administrator privileges.

  1. Sign in to DigiCert ONE as an Account Administrator.

  2. In the Manager menu (grid at top right), select Account.

  3. Select Access > Users.

  4. Click Add User and specify the required user details.

  5. In the DigiCert ONE Manager access field, select Device Trust.

  6. In the Device Trust Manager dropdown, select the appropriate role for the user. For example, Solution administrator.

    For more information, see Detailed roles and permissions.

An Account Administrator is responsible for creating users and assigning roles in Device Trust Manager. The following breakdown describes each role and the best practices for assigning it:

  • Solution Administrator: This is the primary administrator role for Device Trust Manager, with full access to all permissions. Assign this role carefully, as users in this position have the ability to perform any action within Device Trust Manager.

  • Device Creator: This role is intended for users responsible for registering devices individually or in bulk. It is commonly assigned to production managers or staff at manufacturing facilities where devices are initialized and registered.

  • Device Administrator: Assigned to users who need control over device lifecycle management, including enabling, disabling, deleting, and restoring devices. This role is often designated to users involved in ongoing device operations and support.

  • Artifact Manager: Artifact Managers are typically firmware developers or software engineers who create and upload device update packages. They handle the software artifacts that are deployed to devices, making this role essential for maintaining and updating device functionality.

Note

The Solution Administrator and Account Administrator roles are typically held by two different individuals. An Account Administrator, usually from IT, IT Security, or PKI Ops, administers DigiCert® ONE and controls access to the various management applications, including Device Trust Manager. The Solution Administrator, however, is more likely to be part of the product or operational team responsible for managing devices.

Detailed roles and permissions

The table below provides a detailed breakdown of permissions associated with each role in Device Trust Manager:

Table 1. View/edit permissions for each role in Device Trust Manager

| Permission | Solution Administrator | Device Creator | Device Administrator | Artifact Manager |
|---|---|---|---|---|
| General permissions | | | | |
| Dashboard | View/Edit | View/Edit | View/Edit | View/Edit |
| Divisions | View/Edit | View | View | View |
| Notifications | View/Edit | View/Edit | View/Edit | View/Edit |
| License | View | - | - | - |
| System audit log | View | View | View | View |
| Certificate management permissions | | | | |
| Authentication CAs | View/Edit | - | - | - |
| CA connector | View/Edit | - | - | - |
| Certificate management policy | View/Edit | View | View | - |
| Certificate profile | View/Edit | View | View | - |
| Certificate template | View | View | View | - |
| Certificate renew | View/Edit | - | View/Edit | - |
| Certificate request | View/Edit | View/Edit | View/Edit | - |
| Certificate revoke | View/Edit | - | View/Edit | - |
| OCSP groups | View/Edit | - | - | - |
| Device management permissions | | | | |
| Devices | View/Edit | View | View/Edit | - |
| Download bootstrap configuration | View/Edit | View/Edit | View/Edit | - |
| Download certificates | View/Edit | View/Edit | View/Edit | - |
| Register many devices | View/Edit | View/Edit | - | - |
| Register single device | View/Edit | View/Edit | - | - |
| Device groups | View/Edit | View | View | - |
| Software update permissions | | | | |
| Artifacts | View/Edit | View | View | View/Edit |
| Releases | View/Edit | View | View | View |
| Deployments | View/Edit | View | View | View |
| Job permissions | | | | |
| Batch certificate issuance jobs | View/Edit | - | View/Edit | - |
| Batch device registration jobs | View/Edit | View/Edit | - | - |
| Deployment jobs | View/Edit | - | - | - |
| DigiCert® Gateway management | | | | |
| DigiCert® Gateway | View/Edit | View | View | - |
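One way to apply the role guidance and Table 1 when deciding which role to assign: this added example (not DigiCert code, and it calls no DigiCert API) transcribes the table and ranks the roles that cover a required set of permissions by how many unrequested View/Edit rights each one carries. The single-letter encoding and the function names are assumptions made for this example.

```python
# Added example. The matrix is transcribed from Table 1; the encoding and
# function names are assumptions of this example, not a DigiCert API.
ROLES = ("Solution Administrator", "Device Creator",
         "Device Administrator", "Artifact Manager")
LEVEL = {"-": 0, "V": 1, "E": 2}  # "-" none, "V" View, "E" View/Edit

# One character per role, in ROLES order.
MATRIX = {
    "Dashboard": "EEEE", "Divisions": "EVVV", "Notifications": "EEEE",
    "License": "V---", "System audit log": "VVVV",
    "Authentication CAs": "E---", "CA connector": "E---",
    "Certificate management policy": "EVV-", "Certificate profile": "EVV-",
    "Certificate template": "VVV-", "Certificate renew": "E-E-",
    "Certificate request": "EEE-", "Certificate revoke": "E-E-",
    "OCSP groups": "E---", "Devices": "EVE-",
    "Download bootstrap configuration": "EEE-",
    "Download certificates": "EEE-", "Register many devices": "EE--",
    "Register single device": "EE--", "Device groups": "EVV-",
    "Artifacts": "EVVE", "Releases": "EVVV", "Deployments": "EVVV",
    "Batch certificate issuance jobs": "E-E-",
    "Batch device registration jobs": "EE--", "Deployment jobs": "E---",
    "DigiCert Gateway": "EVV-",
}

def grants(role):
    """Return {permission: level} for one role."""
    col = ROLES.index(role)
    return {perm: LEVEL[codes[col]] for perm, codes in MATRIX.items()}

def least_privileged_roles(needs):
    """needs maps permission -> "V" or "E". Returns every role that covers
    all of them, fewest unrequested View/Edit rights first."""
    unknown = set(needs) - set(MATRIX)
    if unknown:
        raise KeyError(f"not in Table 1: {sorted(unknown)}")
    ranked = []
    for role in ROLES:
        have = grants(role)
        if all(have[p] >= LEVEL[lvl] for p, lvl in needs.items()):
            excess = sum(1 for p, lv in have.items()
                         if lv == 2 and needs.get(p) != "E")
            ranked.append((excess, role))
    return [role for _, role in sorted(ranked)]

if __name__ == "__main__":
    print(least_privileged_roles({"Certificate revoke": "E", "Devices": "E"}))
```

When the only role returned is Solution Administrator, the requested combination spans duties that Table 1 otherwise keeps in separate roles.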

