Container Permissions

Permissions on certificate stores are controlled at two levels—globally and on a certificate store container-by-container basis. When designing a certificate store permission scheme, you may use entirely global permissions or you may use a combination of global permissions and container permissions. Both global and container permissions are configured through Security Roles (see Security Role Operations).

Global certificate store permissions are controlled with the Certificate Store Management role permissions on the Global Permissions tab of the Security Role Information dialog.

Figure 350: Certificate Store Management - Global Permissions

Container-by-container permissions are set on the Container Permissions tab of the Role Information dialog for each container by name using the same set of permissions.

Any containers that do not have container-by-container permissions applied fall back to the global permissions, if any global permissions have been set for that role.

Figure 351: Certificate Store Management - Container Permissions

Container permissions work in conjunction with many other security permissions to control access to certificate stores related functionality.

Tip:   See the detailed tip sections of Certificate Operations , Certificate Store Operations and Certificate Store Types for more information regarding which combination of security permissions are required for various operations.

Table 55: Permissions for Certificate Operations - Certificate Search Page

UI Permission Description

Read

Users can view the certificate stores and containers tabs on the Locations > Certificate Stores menu, and view certificate store types.

Schedule

Users can add certificates to certificate stores, renew/reissue certificates, schedule and remove certificates from certificate stores.

Modify

Users can manage all operations regarding certificate stores—including the stores, containers, and discovery process—and certificate store types.