Certificate Collection Permissions

Permissions on certificates and their collections can be controlled at two levels—system-wide at the certificates-collections level and on a collection The certificate search function allows you to query the Keyfactor Command database for certificates from any available source based on any criteria of the certificates and save the results as a collection that will be availble in other places in the Management Portal (e.g. expiration alerts and certain reports).-by-collection basis. When designing a certificate permission scheme, you may use entirely system-wide permissions or you may use a combination of system-wide permissions and collection permissions. Both system-wide and collection permissions are configured through Security Roles (see Security Role Operations).

System-wide certificate permissions are controlled using the Certificates / Collections role permission.

Permissions for managing collections (modification of existing collections or creation of new collections) are controlled with the system-wide Certificates / Collections role Modify permission. The Certificates Collections Modify permission allows a user to edit the configuration settings that make up the collections (e.g. the query that defines the collection). The permissions set on the Collection Permissions tab allow a user to act on the certificates in the collection.

Certificate-related permissions can be granted globally or on a collection basis. Both options share the same permission options (see Certificates) except system-wide certificate permissions have the additional role permissions of Modify and Private Key Import, which cannot be assigned at the collection level.

Any certificate collections that do not have collection-level permissions applied fall back to the system-wide permissions, if any system-wide permissions have been set for that role.

For more information about configuring collection-level permissions, see Collection Permissions Tab.