Skip to main content

User roles and permissions

DigiCert® Device Trust Manager uses Role-Based Access Control (RBAC) to ensure users have the appropriate permissions for their responsibilities within the platform. This model restricts or grants access based on a user’s assigned role, enabling a secure and organized structure for managing IoT devices.

Role assignment is managed in DigiCert® Account Manager by an Account Administrator. See Account Manager documentation for more detail about user creation and management.

An account administrator is responsible for creating users and assigning roles in Device Trust Manager. Below is a quick breakdown of each role to help you understand each one and best practices for assigning them:

  • Solution Administrator: This is the primary administrator role for Device Trust Manager, with full access to all permissions. Assign this role carefully, as users in this position have the ability to perform any action within Device Trust Manager.

  • Device Creator: This role is intended for users responsible for registering devices individually or in bulk. It’s commonly assigned to production managers or staff at manufacturing facilities where devices are initialized and registered.

  • Device Administrator: Assigned to users who need control over device lifecycle management, including enabling, disabling, deleting, and undeleting devices. This role is often designated to users involved in ongoing device operations and support.

  • Artifact Manager: Artifact Managers are typically firmware developers or software engineers who create and upload device update packages. They handle the software artifacts that are deployed to devices, making this role essential for maintaining and updating device functionality.

Note

The Solution Administrator and Account Administrator roles do not need to be held by the same individual. An Account Administrator—usually from IT, IT Security, or PKI Ops—administers DigiCert® ONE and controls access to the various management applications, including Device Trust Manager. The Solution Administrator, however, is more likely part of the product or operational team responsible for managing devices.

Detailed roles and permissions

The table below provides a detailed breakdown of permissions associated with each role in Device Trust Manager:

Table 1. View/edit permissions for each role in Device Trust Manager

Solution Administrator

Device Creator

Device Administrator

Artifact Manager

General permissions

Dashboard

View/Edit

View/Edit

View/Edit

View/Edit

Divisions

View/Edit

View

View

View

Notifications

View/Edit

View/Edit

View/Edit

View/Edit

License

View

-

-

-

System audit log

View

View

View

View

Certificate management permissions

Authentication CAs

View/Edit

-

-

-

CA connector

View/Edit

-

-

-

Certificate management policy

View/Edit

View

View

-

Certificate profile

View/Edit

View

View

-

Certificate template

View/Edit

View

View

-

Certificate renew

View/Edit

-

View/Edit

-

Certificate request

View/Edit

View/Edit

View/Edit

-

Certificate revoke

View/Edit

-

View/Edit

-

OCSP groups

View/Edit

-

-

-

Device management permissions

Devices

View/Edit

View

View/Edit

-

Download bootstrap configuration

View/Edit

View/Edit

View/Edit

-

Download certificates

View/Edit

View/Edit

View/Edit

-

Register many devices

View/Edit

View/Edit

-

-

Register single device

View/Edit

View/Edit

-

-

Device groups

View/Edit

View

View

-

Software update permissions

Artifacts

View/Edit

View

View

View/Edit

Releases

View/Edit

View

View

View

Deployments

View/Edit

View

View

View

Job permissions

Batch certificate issuance jobs

View/Edit

-

View/Edit

-

Batch device registration jobs

View/Edit

View/Edit

-

-

Deployment jobs

View/Edit

-

-

-

DigiCert​​®​​ Gateway management

DigiCert​​®​​ Gateway

View/Edit

View

View

-