Software Trust Manager user roles
Assign one or more roles to a Software Trust Manager user when you add or update the user.
For DigiCert ONE cloud customers, these roles are available in your account.
The DigiCert® Software Trust Manager Lead is the highest account scope (AS) role. Assign this role to users responsible for managing cryptographic assets, enforcing policies, monitoring compliance for users in the account.
Category | Permission | User can | Notes |
|---|---|---|---|
User settings | Default | View their own user profile and generate their own API key and client authentication certificate in DigiCert ONE. | |
Account settings | Manage account settings | Update Software Trust Manager > Accounts > Account settings. | |
Manage CertCentral API key | Delete, disable, enable, setup, update and validate a CertCentral API key. | ||
Teams | Manage all teams |
| |
Audit logs | View audit log | View audit and signature logs in the account. | |
Export audit logs | Export audit and signature logs in the account. | | |
Certificates | Manage certificate hierarchy | View and create hierarchies. They can also activate and deactivate restricted hierarchies. | |
Manage certificate profiles |
| ||
View certificate profile | View certificate profiles created by the user. | ||
View certificate template | View certificate template details in the account. | ||
Generate certificate | Create a new certificate using keypairs that they are assigned to. | Users with | |
Import certificate | Import certificates for keypairs that they are assigned to. | Users with | |
Revoke certificate | Revoke certificates associated with keypairs that they are assigned to. | Users with | |
View certificate | View certificate details for all certificates assigned to them. | Users with | |
Keypairs | Request keypair export | Request to export keypairs that they are assigned to. | Users with |
Approve keypair export | Approve requests to export keypairs that they are assigned to. | Users with | |
Approve keypair delete | Approve requests to delete keypairs that they are assigned to. | Users with | |
Import keypair | Import keypairs into the account. | To import a GPG secring, | |
Generate keypair | Create a new keypair. | ||
View keypair | View keypairs and key rotations relying on keypairs assigned to them. | Users with | |
Manage keypair |
| ||
Manage master GPG key |
| Users with Users with Users with | |
Signatures | Sign | Sign software with keypairs assigned to them. | |
Releases | View release | View all releases in the account. | |
Request release | Request to create an offline release. | ||
Approve release | Create a release and approve or reject requests to create offline releases. | ||
Threat detection | Manage threat detection | Download threat detection reports and assign threat detection scans to projects. |
The DigiCert® Software Trust Manager Team Lead is an account scope (AS) role for managing developers and engineering teams responsible for signing and releasing software.
Category | Permission | Description | Notes |
|---|---|---|---|
User settings | Default | View their own user profile and generate their own API key and client authentication certificate in DigiCert ONE. | |
Teams | Manage my teams | View, update, deactivate, and map resources to existing teams that they are part of, provided that they have relevant resource permissions. | |
Audit logs | View audit log | View audit and signature logs in the account. | |
Export audit logs | Export audit and signature logs in the account. | | |
Certificates | Manage certificate hierarchy | View and create hierarchies. They can also activate and deactivate restricted hierarchies. | |
View certificate profile | View certificate profiles created by the user. | ||
View certificate template | View certificate template details in the account. | ||
Import certificate | Import certificates for keypairs that they are assigned to. | Users with | |
Revoke certificate | Revoke certificates associated with keypairs that they are assigned to. | Users with | |
Generate certificate | Create a new certificate using keypairs that they are assigned to. | Users with | |
View certificate | View certificate details for all certificates assigned to them. | Users with | |
Keypairs | Import keypair | Import keypairs into the account. | To import a GPG secring, |
Request keypair export | Request to export keypairs that they are assigned to. | Users with | |
Approve keypair export | Approve requests to export keypairs that they are assigned to. | Users with | |
Approve keypair delete | Approve requests to delete keypairs that they are assigned to. | Users with | |
Generate keypair | Create a new keypair. | ||
View keypair | View keypairs and key rotations relying on keypairs assigned to them. | Users with | |
Manage keypair |
| ||
Manage master GPG key |
| Users with Users with Users with | |
Signatures | Sign | Sign software with keypairs assigned to them. | |
Releases | View release | View all releases in the account. | |
Request release | Request to create an offline release. | ||
Approve release | Create a release and approve or reject requests to create offline releases. | ||
Threat detection | Manage threat detection | Download threat detection reports and assign threat detection scans to projects. |
The DigiCert® Software Trust Manager Build engineer is an account scope (AS) role for users responsible for signing and scanning software using threat detection.
Category | Permission | User can | Notes |
|---|---|---|---|
User settings | Default | View their own user profile and generate their own API key and client authentication certificate in DigiCert ONE. | |
Audit logs | View audit log | View audit and signature logs in the account. | |
Certificates | View certificate profile | View certificate profiles created by the user. | |
View certificate template | View certificate template details in the account. | ||
View certificate | View certificate details for all certificates assigned to them. | Users with | |
Keypairs | View keypair | View keypairs and key rotations relying on keypairs assigned to them. | Users with |
Signatures | Sign | Sign software with keypairs assigned to them. | |
Releases | View release | View all releases in the account. | |
Threat detection | View Threat detection | View all threat detection scans in the account. | |
Manage threat detection | Download threat detection reports and assign threat detection scans to projects. | ||
Run Threat detection scans | Scan software using Threat detection. |
The DigiCert® Software Trust Manager Developer is an account scope (AS) role for users responsible for signing, managing assets related to signing, and releasing software.
Category | Permission | User can | Notes |
|---|---|---|---|
User settings | Default | View their own user profile and generate their own API key and client authentication certificate in DigiCert ONE. | |
Audit logs | View audit log | View audit and signature logs in the account. | |
Certificates | View certificate profile | View certificate profiles created by the user. | |
View certificate template | View certificate template details in the account. | ||
Generate certificate | Create a new certificate using keypairs that they are assigned to. | Users with | |
View certificate | View certificate details for all certificates assigned to them. | Users with | |
Keypairs | Generate keypair | Create a new keypair. | |
View keypair | View keypairs and key rotations relying on keypairs assigned to them. | Users with | |
Signatures | Sign | Sign software with keypairs assigned to them. | |
Releases | Request release | Request to create an offline release. | |
View release | View all releases in the account. | ||
Threat detection | View Threat detection | View all threat detection scans in the account. |
The DigiCert® Software Trust Manager Signer is an account scope (AS) role for engineers or authenticated devices responsible for signing software.
Category | Permission | User can | Notes |
|---|---|---|---|
User settings | Default | View their own user profile and generate their own API key and client authentication certificate in DigiCert ONE. | |
Audit logs | View audit log | View audit and signature logs in the account. | |
Certificates | View certificate profile | View certificate profiles created by the user. | |
View certificate template | View certificate template details in the account. | ||
View certificate | View certificate details for all certificates assigned to them. | Users with | |
Keypair | View keypair | View keypairs and key rotations relying on keypairs assigned to them. | Users with |
Signatures | Sign | Sign software with keypairs assigned to them. | |
Releases | View release | View all releases in the account. |
For customers with DigiCert ONE installed on-premises, these roles are available for system administration.
DigiCert® Software Trust Manager Admin is a system scope (SS) role for users responsible for day-to-day account configuration and enabling Software Trust Manager.
Category | Permission | User can |
|---|---|---|
User settings | View user | View their own user profile and generate their own API key and client authentication certificate in DigiCert ONE. |
Account settings | Manage CertCentral API key | Delete, disable, enable, setup, update and validate a CertCentral API key. |
View health | View app health (API). | |
Audit logs | View audit log | View audit and signature logs in the account. |
Export audit logs | Export audit and signature logs in the account. Note | |
Certificates | Manage certificate hierarchy | Create, update, approve, reject, suspend, unsuspend, and view certificate hierarchies. Note |
Manage certificate profiles |
Note | |
Manage certificate profiles |
Note | |
Manage certificate template | Create, update, and clone certificate templates. Note | |
View certificate | View certificate details in the account. | |
Keypairs | Manage keypair |
Note |
View keypair | View keypair details in the account. | |
Releases | View release | View releases in the account. |
DigiCert® Software Trust Manager Support is a system scope (SS) role for support teams responsible for assisting users with account setup and signing.
Category | Permission | User can |
|---|---|---|
User settings | Default | View their own user profile and generate their own API key and client authentication certificate in DigiCert ONE. |
Account settings | View health | View app health (API). |
Audit logs | View audit log | View audit and signature logs in the account. |
Export audit logs | Export audit and signature logs in the account. Note | |
Certificates | View certificate profile | View certificate profile details in the account. |
View certificate template | View certificate template details in the account. | |
View certificate | View certificate details in the account. | |
Keypairs | View keypair | View keypair details in the account. |
Releases | View release | View releases in the account. |
DigiCert® Software Trust Manager System auditor is a system scope (SS) role for monitoring systems and applications for adherence to policies and compliance.
Category | Permission | User can |
|---|---|---|
User settings | Default | View their own user profile and generate their own API key and client authentication certificate in DigiCert ONE. |
Account settings | View health | View app health (API). |
Audit logs | View audit log | View audit and signature logs in the account. |
Export audit logs | Export audit and signature logs in the account. Note | |
Certificates | View certificate | View certificate details in the account. |
Keypairs | View keypair | View keypair details in the account. |
Releases | View release | View releases in the account. |