Software Trust Manager user permissions

Assign one or more Software Trust Manager permissions when you create a custom role.

Account permissions for standard and service users

The following permissions are available in your account:

Permission	User can	Notes
Manage account settings	Update Software Trust Manager > Accounts > Account settings.
Manage CertCentral API key	Delete, disable, enable, setup, update and validate a CertCentral API key.
Manage all teams	Create teams. View, update, deactivate, delete, and assign resources to all teams within the account, provided that they have relevant resource permissions.
Manage my teams	View, update, deactivate, and map resources to existing teams that they are part of, provided that they have relevant resource permissions.
View audit log	View audit and signature logs in the account.
Export audit logs	Export audit and signature logs in the account.	`View audit log` is required as an additional permission to be able to export audit logs.

Permission	User can	Notes
View keypair	View keypairs and key rotations relying on keypairs assigned to them.	Users with `Manage keypair` permission can view all keypairs and key rotations within the account.
Generate keypair	Create a new keypair.
Import keypair	Import keypairs into the account.	To import a GPG secring, `Manage master key` is also required.
Request keypair export	Request to export keypairs that they are assigned to.	Users with `Manage keypair` permission can request to export any keypair within the account.
Approve keypair export	Approve requests to export keypairs that they are assigned to.	Users with `Manage keypair` permission can approve keypair exports for any keypair within the account.
Approve keypair delete	Approve requests to delete keypairs that they are assigned to.	Users with `Manage keypair` permission can approve keypair delete for any keypair within the account.
Manage keypair	Update, suspend or unsuspend keypairs. Create, update, enable, and disable keypair profiles. Create and update user groups. Create, update, and refresh key rotation. Generate a CSR.
Sign	Sign software with keypairs assigned to them.

Permission	User can	Notes
View certificate	View certificate details for all certificates assigned to them.	Users with `Manage keypair` permission can view all certificates within the account.
Generate certificate	Create a new certificate using keypairs that they are assigned to.	Users with `Manage keypair` permission can create a new certificate using any keypair within the account.
Import certificate	Import certificates for keypairs that they are assigned to.	Users with `Manage keypair` permission can import a certificate to any keypair within the account.
Revoke certificate	Revoke certificates associated with keypairs that they are assigned to.	Users with `Manage keypair` permission can revoke certificates associated to any keypair within the account.
Manage certificate hierarchy	View and create hierarchies. They can also activate and deactivate restricted hierarchies.
View certificate profile	View certificate profiles created by the user.
Manage certificate profiles	View, create, update, clone, enable, and disable certificate profiles that are created by the user. View, update, and delete all certificates associated with a certificate profile that the user created.
View certificate template	View certificate template details in the account.

For on-premises customers, these permissions are available for custom user roles used for system administration.

Permission	User can	Notes
Manage CertCentral API key	Delete, disable, enable, setup, update and validate a CertCentral API key.
View audit log	View audit and signature logs in the account.
Export audit logs	Export audit and signature logs in the account.	`View audit log` is required as an additional permission to export audit logs.
View health	View app health (API).

Permission	User can	Notes
View keypair	View keypair details in the account.
Import keypair	Import keypairs into the account.	`View keypair` is required as an additional permission to import keypairs.
Manage keypair	Update, suspend or unsuspend keypairs. Create, update, enable, and disable keypair profiles. Create and update user groups. Create, update, and refresh key rotation. Generate a CSR	`View keypair` is required as an additional permission to manage keypairs.

Permission	User can	Notes
View certificate	View certificate details in the account.
Manage certificate hierarchy	Create, update, approve, reject, suspend, unsuspend, and view certificate hierarchies.	`View certificate` permission is required as an additional permission to manage certificate hierarchy.
View certificate template	View certificate template details in the account.
Manage certificate template	Create, update, and clone certificate templates.	`View certificate template` is required as an additional permission to manage certificate templates.
View certificate profile	View certificate profile details in the account.
Manage certificate profiles	Create, update, enable, disable, and delete certificate profiles. Update and delete certificates.	`View certificate profile` is required as an additional permission to manage certificate profiles.

Permission	User can
View release	View releases in the account.