Predefined Role Templates
EJBCA provides default Role Templates designed to cover most use cases and be easily extendable. If none of these fit your needs, you can create a custom role using the Custom template and manually configure the role in Advanced Mode.
For a full list of access rules, see Access Rules.
Role Template Name | Rights |
|---|
Super Administrator | Has overall access to EJBCA Can edit system configuration Can manage CAs Can manage publishers (LDAP, AD, custom) Can create CA administrators
|
CA Administrator | manages certificate profiles manages end entity profiles manages log configuration manages publishers manages key validators can create RA administrators can renew a CA using an existing key can have full read access to the audit log
CA Administrators are not authorized to generate new keys, only renew using existing ones.
|
RA Administrator | |
Supervisor | |
Auditor | has full read access to the Audit Log has full read access to authorized CAs has full read access to authorized Certificate Profiles has full read access to Crypto Tokens and keys has full read access to authorized Publishers has full read access to authorized End Entities has full read access to authorized End Entity Profiles has full read access to authorized Key Validators has limited read access to Roles and Access Rules has full read access to Internal Key Bindings has full read access to Peer Systems has full read access to Services has full read access to SCEP aliases and authorized CMP aliases has full read access to all system configuration
|
.png){kind=logo}
