User Roles

User roles govern the actions that a user account is allowed to perform. A given account may have multiple roles, in any combination.

In other words, you can create an account that has both Administrator and Officer privileges, but not Auditor privileges, or an account with Administrator and Auditor privileges, but not Officer privileges, or an account with all roles, and so forth.

In a production deployment, limit the role(s) that an account can have, to reduce the risk of an authorized user performing hostile actions against the Validation Authority. In a high-security deployment, consider limiting users to only one role.

  • An Officer is responsible for managing certificate lifecycles. Officers register certificates with the Validation Authority and manage CRLs.

  • An Auditor is responsible for reviewing audit logs for security breaches and checking certificate and ID status.

  • An Administrator is responsible for installing, configuring, and upgrading the software. This includes managing user accounts, certificate issuers, data sources, the key store, scheduling jobs, and configuring logging and email notification when events that affect system operation occur.

  • An Operator is responsible for managing server hardware, network infrastructure, and other IT infrastructure. This includes guaranteeing availability of the Validation Authority, disaster recovery, redundancy, and backing up the systems. Operators may need physical access to the machines running the Validation Authority, in order to perform certain tasks, but do not have login accounts on the Management Console.