Private CA user permissions
Assign one or more Private CA permissions when you create a custom role.
Account permissions for standard and service users
The following permissions are available in your account:
Permission | User can |
---|---|
Manage CA accounts | View, select, and manage CAs within Private CA accounts. |
View AIAs | View Authority Information Access (AIA) and Online Certificate Status Protocol (OCSP). |
Manage AIAs | View, select, and manage Authority Information Access (AIA) and Online Certificate Status Protocol (OCSP). |
Manage CA CRL | View, select, create, and manage Certificate Revocation List (CRL). |
View domain | View domains. |
Manage domain | View, select, create, and manage domains. |
Manage CA escrow recovery | Escrow CAs and recover them. |
View common CA database | View Common CA Database (CCADB) connections for public certificates. |
Manage common CA database | View, select, and manage Common CA Database (CCADB) connections for Public certificates. (DigiCert PKI Staff only) |
View default configurations | View and manage Roots and ICAs issuing configurations, such as Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP) settings. |
Manage HSM management | View, select, and manage HSMs and partitions within Private CA. |
View HSM partitions | View HSM partitions within Private CA. |
View audit log | Review the actions taken in their Private CA account audit logs. |

Permission | User can |
---|---|
View CA | View Roots and Intermediate Certificate Authorities (ICAs) in related workflows. |
Manage CA | View, select, and manage Roots and Intermediate Certificate Authorities (ICAs) in related workflows. |
Manage revoke CA | Request and approve or deny CA revocation requests. |
View OCSP responder | View OCSP responders. |
Manage OCSP responder | Create and manage OCSP responders. |
View recover escrow key | View escrowed and recovered keys and certificates. |
Manage recover escrow key | Escrow keys and certificates and recover them. |
View certificate | View end-entity certificates. |
View templates | View non-system templates to customize CAs and end-entities. |
Manage templates | View, select, and manage non-system templates to customize CAs and end-entities. |
System permissions for on-premises administration
For on-premises customers, these permissions are available for custom user roles used for system administration.
Permission | User can |
---|---|
Manage CA accounts | View, select, and manage CAs within Private CA accounts. |
View AIAs | View Authority Information Access (AIA) and Online Certificate Status Protocol (OCSP). |
Manage AIAs | View, select, and manage Authority Information Access (AIA) and Online Certificate Status Protocol (OCSP). |
Manage CA recovery request | Receive escrow recovery requests and approve escrow recovery for an escrowed CA key. |
Manage CA CRL | View, select, create, and manage Certificate Revocation List (CRL). |
View domain | View domains. |
Manage domain | View, select, create, and manage domains. |
View audit log | Review the actions taken in their Private CA account audit logs. |

Permission | User can |
---|---|
View CA | View Roots and Intermediate Certificate Authorities (ICAs) in related workflows. |
Manage CA | View, select, and manage Roots and Intermediate Certificate Authorities (ICAs) in related workflows. |
View certificate | View end-entity certificates. |
Manage revoke CA | Request and approve or deny CA revocation requests. |
View OCSP responder | View OCSP responders. |
Manage OCSP responder | Create and manage OCSP responders. |
View escrow master keys | View master escrow keys used in partitions to perform key escrow. |
Manage escrow master keys | Create and recover an escrowed CA key. |
Manage import certificate | Import external roots and ICAs for use in DigiCert ONE. |
Manage revoke certificate | Revoke end-entity certificates. |
View templates | View non-system templates to customize CAs and end-entities. |
Manage templates | View, select, and manage non-system templates to customize CAs and end-entities. |

Permission | User can |
---|---|
View ceremony request | View ceremony requests. |
Manage ceremony requests | Create and manage ceremony requests. (DigiCert PKI Staff only) |
Manage ceremony certificate profile | Manage and modify the profile of a ceremony request. (DigiCert PKI Staff only) |
View key pools | View key pools. |
Manage key pools | Create, manage, and upload externally generated key pools. (DigiCert PKI Staff only) |
Manage approve key pool batch | Approve or deny an uploaded key pool batch. (DigiCert PKI Staff only) |
Manage operations | Modify and approve the operations section of a ceremony request. (DigiCert PKI Staff only) |
Manage validation | Modify and approve the validation section of a ceremony request. (DigiCert PKI Staff only) |
Manage compliance | Modify and approve the compliance section of a ceremony request. (DigiCert PKI Staff only) |
Manage ceremony executable | Generate an executable from a ceremony request for an offline key ceremony or key pool batch creation. (DigiCert PKI Staff only) |
Manage common CA database | View, select, and manage Common CA Database (CCADB) connections for Public certificates. (DigiCert PKI Staff only) |
View common CA database | View common CA database. |

Permission | User can |
---|---|
View default configurations | View the default configurations for Private CA. |
Manage default configurations | View and manage Roots and ICAs issuing configurations, such as Certificate Revocation List (CRL) and Online Certificate Status Protocol (OCSP) settings. |
View HSM management | View HSMs and partitions within Private CA. |
Manage HSM management | View, select, and manage HSMs and partitions within Private CA. |
View app health | Access the healthcheck endpoint API. |