Account scope (AS) user permissions
The purpose of an account user is generally to perform cryptographic actions and sign.
There are two categories of account users. Below is a comparison between the users and service users:
User | Service user | |
---|---|---|
Can access DigiCert® KeyLocker UI? | Yes | No |
Can use DigiCert® KeyLocker clients? | Yes | Yes |
Can perform cryptographic actions? | Yes | Yes |
Can manage own credentials? | Yes | No |
Who is this user? | A person | An alias and associated email for alerts. Generally used for automation of workflows on a machine such as a build server. |
Nota
Only System users can onboard or provision accounts.
The following article outlines account user permissions which may be useful if you are creating a custom user role. Alternatively, refer to user roles for a list of preconfigured user roles that allow you to assign permission sets to new and existing users.
Permission | User can | Notes |
---|---|---|
Manage CertCentral API key | Delete, disable, enable, setup, update and validate a CertCentral API key. |
Permission | User can | Notes |
---|---|---|
View certificate | View certificate details for all certificates assigned to them. | Users with |
Revoke certificate | Revoke certificates associated with keypairs that they are assigned to. | Users with |
Permission | User can | Notes |
---|---|---|
View keypair | View keypair details in the account. | |
Manage keypair | Update the keypair alias. | |
Sign | Sign software with keypairs assigned to them. |