Predefined Role Templates
EJBCA provides default Role Templates designed to cover most use cases and be easily extendable. If none of these fit your needs, you can create a custom role using the Custom template and manually configure the role in Advanced Mode.
For a full list of access rules, see Access Rules.
| Role Template Name | Rights |
|---|---|
| Super Administrator | - Has overall access to EJBCA<br>- Can edit system configuration<br>- Can manage CAs<br>- Can manage publishers (LDAP, AD, custom)<br>- Can create CA administrators |
| CA Administrator | - Manages certificate profiles<br>- Manages end entity profiles<br>- Manages log configuration<br>- Manages publishers<br>- Manages key validators<br>- Can create RA administrators<br>- Can renew a CA using an existing key<br>- Can have full read access to the audit log<br>CA Administrators are not authorized to generate new keys, only renew using existing ones. |
| RA Administrator | - Can create end entities<br>- Can modify end entities<br>- Can revoke end entities<br>- Can delete end entities<br>- Can view existing end entities and their history<br>- Can have full read access to the audit log |
| Supervisor | - Has full read access to the audit log<br>- Can search for and view end entities<br>- Can view certificates |
| Auditor | - Has full read access to the audit log<br>- Has full read access to authorized CAs<br>- Has full read access to authorized Certificate Profiles<br>- Has full read access to Crypto Tokens and keys<br>- Has full read access to authorized Publishers<br>- Has full read access to authorized End Entities<br>- Has full read access to authorized End Entity Profiles<br>- Has full read access to authorized Key Validators<br>- Has limited read access to Roles and Access Rules<br>- Has full read access to Internal Key Bindings<br>- Has full read access to Peer Systems<br>- Has full read access to Services<br>- Has full read access to SCEP aliases and authorized CMP aliases<br>- Has full read access to all system configuration |