EJBCA provides default Role Templates designed to cover most use cases and be easily extendable. If none of these fit your needs, you can create a custom role using the Custom template and manually configure the role in Advanced Mode.
For a full list of access rules, see Access Rules.

| Role Template Name | Rights |
| --- | --- |
| Super Administrator | Has overall access to EJBCA<br>Can edit system configuration<br>Can manage CAs<br>Can manage publishers (LDAP, AD, custom)<br>Can create CA administrators |
| CA Administrator | Manages certificate profiles<br>Manages end entity profiles<br>Manages log configuration<br>Manages publishers<br>Manages key validators<br>Can create RA administrators<br>Can renew a CA using an existing key<br>Can have full read access to the audit log<br>Note: CA Administrators are not authorized to generate new keys, only renew using existing ones. |
| RA Administrator | |
| Supervisor | |
| Auditor | Has full read access to the Audit Log<br>Has full read access to authorized CAs<br>Has full read access to authorized Certificate Profiles<br>Has full read access to Crypto Tokens and keys<br>Has full read access to authorized Publishers<br>Has full read access to authorized End Entities<br>Has full read access to authorized End Entity Profiles<br>Has full read access to authorized Key Validators<br>Has limited read access to Roles and Access Rules<br>Has full read access to Internal Key Bindings<br>Has full read access to Peer Systems<br>Has full read access to Services<br>Has full read access to SCEP aliases and authorized CMP aliases<br>Has full read access to all system configuration |