Security Role Operations

On the Security Roles and Identities page, select the Security Role tab and click Add from the menu at the top of the grid to add a new security role, or highlight a row and click Edit from the top of the grid or from the right click menu to modify an existing role.

Note:  The Administrators and Reporting API A set of functions to allow creation of applications. Keyfactor offers the Keyfactor API, which allows third-party software to integrate with the advanced certificate enrollment and management features of Keyfactor Command. Access roles cannot be edited or deleted.

Either the Add Security Role dialog or Role information For <role> dialog will open. Fill in each tab of the dialog with the information desired for the selected security role.

1. On the Global Permissions tab, click the toggle buttons for the permissions that are appropriate for the new role (see Security Role Permissions).

   

   Figure 355: Grant Global Permissions to a Security Role

   Tip:  If desired, use the dropdown at the top to enable all the read toggle buttons ("Read Only") or all the toggle buttons ("Select All"). Click Apply to apply the selection in the dropdown across all permissions. Click Reset to return the dialog to the state it was in when last saved and remove any changes made since opening the permission for editing. Click Clear to disable all the toggle buttons.

2. Optionally, on the Collection The certificate search function allows you to query the Keyfactor Command database for certificates from any available source based on any criteria of the certificates and save the results as a collection that will be availble in other places in the Management Portal (e.g. expiration alerts and certain reports). Permissions tab, highlight each certificate collection you would like to set permissions for and click the toggle button for each desired permission (see Certificate Permissions). If you do not select any collections, the permissions set on the Global Permissions tab will apply to all collections. A search bar has been added to the top of Collection Name column on the collections tab of the security dialog to make it easier to find and assign permissions.

   

   Figure 356: Grant Collection Permissions to a Security Role

3. Optionally, on the Container Permissions tab, highlight each container you would like to set permissions for and click the toggle button for each desired permission (see Container Permissions). If you do not select any containers, the permissions set on the Global Permissions tab will apply to all containers. A search bar has been added to the top of Container Name column on the containers tab of the security dialog to make it easier to find and assign permissions.

   

   Figure 357: Grant Container Permissions to a Security Role

4. On the Identities/Access tab, click Add to open the Add Security Identities dialog, which shows all unassigned identities created in Keyfactor Command (see Security Identity Operations). Check the box next to each desired identity and click Add or Add and Close to add the identity to the list for this role. Or select one or more existing identities and click Remove to remove them from this security role

   

   Figure 358: Associate Security Identities with a Security Role