Account user permissions
The purpose of an account user is generally to perform cryptographic actions and sign.
There are two categories of account users. Below is a comparison between the users and service users:
User | Service user | |
---|---|---|
Can access DigiCert® Software Trust Manager UI? | Yes | No |
Can use DigiCert® Software Trust Manager clients? | Yes | Yes |
Can perform cryptographic actions? | Yes | Yes |
Can manage own credentials? | Yes | No |
Who is this user? | A person | An alias and associated email for alerts. Generally used for automation of workflows on a machine such as a build server. |
Note
Only System users can onboard or provision accounts.
General permissions
Permission | Description |
---|---|
Manage account settings | User can update DigiCert® Software Trust Manager > Accounts > Account settings. |
Manage CertCentral API key | User can delete, disable, enable, setup, update and validate a CertCentral API key. |
Manage my teams | User can view, update, deactivate, and map resources to existing teams that they are part of. |
Manage all teams | User can:
|
View license | User can view licenses for the account. |
View audit log | User can view audit and signature logs in the account. |
Export audit logs | User can export audit logs in the account. Note |
View signatures | User can view signature logs in the account. |
Certificate permissions
Permission | Description |
---|---|
View certificate | User can view certificate details in the account. |
Generate certificate | User can create a new certificate. Note |
Import certificate | User can import certificates into the account. Note |
Revoke certificate | User can revoke certificates in the account. Note |
Manage certificate hierarchy | User can create, update, approve, reject, suspend, unsuspend, and view certificate hierarchies. Note |
View certificate profile | User can view certificate profile details in the account. Note |
Manage certificate profiles | User can:
|
View certificate template | User can view certificate template details in the account. |
Keypair permissions
Permission | Description |
---|---|
View keypair | User can view keypair details in the account. |
Generate keypair | User can create a new keypair. Note |
Import keypair | User can import keypairs into the account. Note |
Request keypair export | User can request to export keypairs. Note |
Approve keypair export | User can approve requests to export keypairs. Note |
Approve keypair delete | User can approve requests to delete keypairs. Note |
Manage keypair | User can:
Note |
Sign | User can sign. Note
|
Manage master keypair | User can:
Note |
Release permissions
Permission | Description |
---|---|
View release windows | User can view releases in the account. |
Request release | User can request to create an offline release. Note |
Approve release window | User can approve requests to create offline releases. Note |
Threat detection
Permission | Description |
---|---|
View Threat detection | User can view threat detection scans in the account. |
Run Threat detection scans | User can run scans on software using Threat detection. |
Manage threat detection | User can download threat detection reports and assign threat detection reports to projects. |