Account scope (AS) user permissions
The purpose of an account user is generally to perform cryptographic actions and sign.
There are two categories of account users. Below is a comparison between the users and service users:
User | Service user | |
---|---|---|
Can access DigiCert® KeyLocker UI? | Yes | No |
Can use DigiCert® KeyLocker clients? | Yes | Yes |
Can perform cryptographic actions? | Yes | Yes |
Can manage own credentials? | Yes | No |
Who is this user? | A person | An alias and associated email for alerts. Generally used for automation of workflows on a machine such as a build server. |
注意
Only System users can onboard or provision accounts.
The following article outlines account user permissions which may be useful if you are creating a custom user role. Alternatively, refer to user roles for a list of preconfigured user roles that allow you to assign permission sets to new and existing users.
General permissions
Permission | User can |
---|---|
Manage CertCentral API key | Delete, disable, enable, setup, update and validate a CertCentral API key. |
Certificate permissions
Permission | User can |
---|---|
View certificate | View certificate details for all certificates assigned to them. 注意 Users with |
Revoke certificate | Revoke certificates associated with keypairs that they are assigned to. 注意 Users with |
Keypair permissions
Permission | User can |
---|---|
View keypair | View keypair details in the account. |
Manage keypair | Update the keypair alias. |
Sign | Sign software with keypairs assigned to them. |