Signum supports Role-Based Access Control (RBAC) through the concept of “Roles”. A role in Signum is a set of permissions for a user that defines what they are able to edit and access in the Signum Admin Web Console and any associated APIs. This method of RBAC allows granular permission settings to be defined for specific users and groups. For example, one role may be configured to allow a group of users to generate Certificate Signing Requests (CSRs) and import certificates, while another role may be configured to only allow users to view certificate usage events.
Getting Started with Roles
Some helpful items to keep in mind when working with roles:
A user can only have one role assigned at a time
Every user accessing the Web Admin Console must have a role assigned
Certificate Groups can be assigned to roles, giving users with those roles the ability to assign those Certificate Groups to policies
A user using one of the Signum Agents (Windows or Linux) does not need a role because certificate usage is defined by policies
A role can be assigned to an individual user or groups of users