User roles
User roles help you manage access permissions for both regular and service users.
Each user role includes a functional group of access permissions needed for an overall workflow or job responsibility in DigiCert® Trust Lifecycle Manager. Rather than assign access permissions individually, you assign a user role that includes all the access permissions the user needs.
DigiCert® Trust Lifecycle Manager provides predefined user roles for common work responsibilities, or you can define your own custom user roles.
Predefined user roles
By default, Account Manager provides the below predefined user roles that you can assign to your regular and service users who need access to DigiCert® Trust Lifecycle Manager.
Available user roles depend on whether the user is set up to access a specific account only (account scope) or all accounts (system scope).
Account scope
User role | Description |
|---|---|
SSP Manager | Configure the self-service portal. |
View only | Read-only access to account data. |
Infrastructure admin | View and manage client tools. |
Reporting admin | View and manage reports. |
Manager | Manage account setup (including business units, connectors, and seats), inventory (including certificate profiles, enrollments, and certificates), and reports/logs. |
Recovery manager | Recover escrowed certificates. |
Import manager | Import certificates from external CAs. |
User and certificate manager | Manage seats, enrollments, certificates, and reports. |
Certificate profile manager | Manage certificate profiles. |
System scope (on-premises installations)
User role | Description |
|---|---|
Technical support | Read-only access to account data for technical support purposes. |
Read only | Read-only access to user and account setup data. |
TLM admin | Superadmin responsible for managing users, accounts, and workflows. |
Tip
Select any user role by name in Account Manager to see the specific list of access permissions it includes.
Custom user roles
Create custom user roles in DigiCert® Account Manager to define your own functional groups of access permissions.
Give each custom user role a name and select which specific account it applies to (account scope) and which individual access permissions it includes. You can then assign the custom user role to both regular and service users.
To learn more, see Create a custom user role.