To create a new role in Signum, navigate in the Admin Web Console to Access>Roles and select New.
This will bring up the role creation wizard which will walk you through the steps of creating a new role.
General Role Settings
General Role Settings
The name for the new role.
An optional field to enter additional descriptive information about this role.
Here is how Signum handles Role priority assignments:
For more information about how priority impacts role assignment see the Roles Example.
Assigning the Scope of the Role.
This field allows for defining the Domain scope for this role. It does not have to be set immediately during Role creation, this property can be changed later by editing the Role.
The Domains assignment for the role defines which domains will be in scope for this role. If a domain is in the scope, the users of this role will be able to search for and see this domain's users when assigning policies. If required, multiple Domains can be selected.
Assigning Users & Groups to a Role
This field allows for selecting the users this role will apply to. These are the users that will ultimately have the permissions defined in the last step of the role creation wizard. It is not required that users are assigned immediately during the Role creation, they can be added later by editing the role.
Users of the Role
The Domain the users you want to assign this role to are in. Start typing the name of your Domain and it will auto-populate. You can select multiple Domains if needed.
Users (Or Groups)
The specific users or groups of users that are part of the selected domain you want to assign this role to. Start typing the name of your users or groups and they will auto-populate. You can select multiple users or groups of users.
Assigning Certificate Groups
Certificate Groups assigned to the role give this role's users the ability to use those certificates when creating policies.
To add a certificate group select the Add Certificates Group icon and any available certificate groups will be shown in the table where they can be selected. You can select a certificate group by selecting the check box for each group that you want to add and once finished select Add to add the selected certificate groups to the role.
You can also create a new certificate group from the same window by selecting Add Certificate Group. This will bring up a new window allowing you to enter the name for the new certificate group and optionally a limit on the number of certificates it can contain.
With a certificate group selected, you can then set the certificate group permissions for users who are being assigned the role that is being created.
Certificate Group Permissions
Will give users with this role the ability to add certificates to this group.
Will give users with this role the ability to remove certificates from this group.
Assign to Policies
Will give users with this role the ability to assign certificates in this group to policies.
Setting none of these properties will just let users of this role see the certificates.
If you need to delete a certificate group from the role, you can hover over the certificate group in the table and select Delete.
Assigning Permissions to a Role
The Permissions settings section of the Role creation wizard allows you to define granular permissions for users of the role. These settings apply to the Admin Web Console and any associated APIs.
To enable a permission for a user select the checkbox next to the permission you want to enable.
To disable a permission for a user do not select the checkbox.
Quick Tip A user assigned a role with no certificate group(s) and no permissions will be able to authenticate to the Admin Web Console but will be unable to view or access anything.
Gives users the permissions to:
Can delete a certificate which will delete the associated private key material. This is permanent.
Gives users the permissions to:
Quick Tip The Owner of a certificate can use the certificate superseding all policies.
Gives a user the ability to view any configured Certificate Alerts.
Gives a user the ability to create Certificate Alerts.
Gives a user the ability to edit any Certificate Alerts that have been created.
Gives a user the ability to delete any Certificate Alerts that have been created.
Certificate Signing Request
Gives a user the ability to generate a CSR. This permission also allows a user to renew an existing certificate which generates a new key pair/CSR.
Import Signed Certificate
Give a user the ability to import a signed certificate against a pending CSR.
Gives a user the ability to delete a CSR, which will delete the associated private key material. This is permanent.
Gives a user the ability to view policies.
Gives a user the ability to edit policies.
Gives a user the ability to delete policies.
Give a user the ability to create policies
Gives a user the ability to view applications.
Gives a user the ability to edit applications.
Gives a user the ability to delete applications.
Gives a user the ability to create applications.
Gives a user the ability to see events related only to other users that are part of the Domain that is scoped by this role.
Give a user the ability to see events related only to the certificates that are in the certificate group assigned to this role.
Gives a user the ability to see events related only to the policies that are assigned to this role.
Gives a user the ability to view all event logs.
Gives a user the ability to view the Domain settings and users.
Gives a user the ability to edit the Domain settings and users.