Container Permissions
Container Permissions
Permissions on certificate stores are controlled at two levels—globally and on a certificate store container-by-container basis. When designing a certificate store permission scheme, you may use entirely global permissions or you may use a combination of global permissions and container permissions. Both global and container permissions are configured through Security Roles (see Security Role Operations).
Global certificate store permissions are controlled with the Certificate Store Management role permissions on the Global Permissions tab of the Security Role Information dialog.
Figure 350: Certificate Store Management - Global Permissions
Container-by-container permissions are set on the Container Permissions tab of the Role Information dialog for each container by name using the same set of permissions.
Any containers that do not have container-by-container permissions applied fall back to the global permissions, if any global permissions have been set for that role.
Figure 351: Certificate Store Management - Container Permissions
Container permissions work in conjunction with many other security permissions to control access to certificate stores related functionality.
Table 55: Permissions for Certificate Operations - Certificate Search Page
UI Permission | Description |
---|---|
Read |
Users can view the certificate stores and containers tabs on the Locations > Certificate Stores menu, and view certificate store types. |
Schedule |
Users can add certificates to certificate stores, renew/reissue certificates, schedule and remove certificates from certificate stores. |
Modify |
Users can manage all operations regarding certificate stores—including the stores, containers, and discovery process—and certificate store types. |