Predefined Role Templates
EJBCA provides default Role Templates designed to cover most use cases and be easily extendable. If none of these fit your needs, you can create a custom role using the Custom template and manually configure the role in Advanced Mode.
For a full list of access rules, see Access Rules.
| Role Template Name | Rights |
| --- | --- |
| Super Administrator | - Has overall access to EJBCA<br>- Can edit system configuration<br>- Can manage CAs<br>- Can manage publishers (LDAP, AD, custom)<br>- Can create CA administrators |
| CA Administrator | - Manages certificate profiles<br>- Manages end entity profiles<br>- Manages log configuration<br>- Manages publishers<br>- Manages key validators<br>- Can create RA administrators<br>- Can renew a CA using an existing key<br>- Can have full read access to the audit log<br>CA Administrators are not authorized to generate new keys, only renew using existing ones. |
| RA Administrator | |
| Supervisor | |
| Auditor | - Has full read access to the Audit Log<br>- Has full read access to authorized CAs<br>- Has full read access to authorized Certificate Profiles<br>- Has full read access to Crypto Tokens and keys<br>- Has full read access to authorized Publishers<br>- Has full read access to authorized End Entities<br>- Has full read access to authorized End Entity Profiles<br>- Has full read access to authorized Key Validators<br>- Has limited read access to Roles and Access Rules<br>- Has full read access to Internal Key Bindings<br>- Has full read access to Peer Systems<br>- Has full read access to Services<br>- Has full read access to SCEP aliases and authorized CMP aliases<br>- Has full read access to all system configuration |