SSH Permissions
Permissions to use the SSH areas of Keyfactor Command are controlled with three security roles specific to this purpose:
- Enterprise Admin
- Server Admin
- User
Most functions in the Management Portal are available to users with the Server Admin role for SSH. The Enterprise Admin role is used to grant administrators the permission to create server groups and change the owner of a server group (see SSH Server Groups). Other than these two things, users with the Server Admin role and those with the Enterprise Admin role have the same level of access. Users with the User role (and neither of the SSH admin roles) can access only the My SSH Key page to allow them to generate an SSH key pair for their own use.
Table 19: SSH Permissions Table shows the access that users with each of these roles have to the SSH functions within the Management Portal.
Table 19: SSH Permissions Table
Action | SSH Enterprise Admin | SSH Server Admin | SSH User |
---|---|---|---|
User Key: Generate and Rotate (My SSH Key) | Yes | Yes | Yes |
User Key: Download (My SSH Key) | Yes | Yes | Yes |
Service Account Key: View and Search for Service Account Keys | Yes | Limited [1] | No |
Service Account Key: Add | Yes | Limited [2] | No |
Service Account Key: Edit | Yes | Limited [3] | No |
Service Account Key: Delete | Yes | Limited [4] | No |
Service Account Key: Download | Yes | Limited [5] | No |
Unmanaged Keys: View and Search for Unmanaged Keys | Yes | Yes [6] | No |
Unmanaged Keys: Delete | Yes | Yes [7] | No |
Server Group: View and Search for Server Groups | Yes | Limited [8] | No |
Server Group: Add | Yes | No | No |
Server Group: Edit | Yes | Limited [9] | No |
Server Group: Delete | Yes | No | No |
Server Group: View Members of a Server Group | Yes | Limited [10] | No |
Server Group: Edit Access (map an SSH key to a logon for a server group) | Yes | Limited [11] | No |
Server: View and Search for Servers | Yes | Limited [12] | No |
Server: Add | Yes [13] | Limited [14] | No |
Server: Edit | Yes | Limited [15] | No |
Server: Edit Access (map an SSH key to a logon on a server) | Yes | Limited [16] | No |
Server: Delete | Yes | Limited [17] | No |
Logon: View and Search for Logons | Yes | Limited [18] | No |
Logon: Add | Yes | Limited [19] | No |
Logon: Edit | Yes | Limited [20] | No |
Logon: Edit Access (map an SSH key to a logon) | Yes | Limited [21] | No |
Logon: Delete | Yes | Limited [22] | No |
User: View and Search for Users | Yes | Limited [23] | No |
User: Edit Access (map an SSH key to a logon) | Yes | Limited [24] | No |
User: Delete | Yes | Limited [25] | No |