View Roles and Valid Operations
The security officer can view roles and a list of operations each role can perform.
- To view the role list, expand System Management, and then select Role List. See Filter Lists to filter the list.
- To view a list of operations for each role, highlight a role, and then click Details...
Available Roles
Each role determines which functions the user can perform. A user can have more than one role.
- Security Officer – manages security settings, users, sites, and transfer partners
- Compliance Officer – manages key policies and key groups and determines which agents and transfer partners can use key groups
- Operator – manages agents, data units, and keys
- Backup Operator – performs backups
- Auditor – views information about the OKM cluster
- Quorum Member – views and approves pending quorum operations
Valid Operations for Each Role
The operations available to a user depend on their role. This table lists the actions each role can perform.
In the table, the entries mean the following:
- Yes – the role can perform the operation.
- No – the role cannot perform the operation.
- Quorum – the role can perform the operation but must also provide a quorum.
Table 8-1 System Operations/User Roles
Entity | Operation | Security Officer | Compliance Officer | Operator | Backup Operator | Auditor | Quorum Member |
---|---|---|---|---|---|---|---|
Console | Log In | Yes | Yes | Yes | Yes | Yes | Yes |
Console | Set KMA IP Address | Yes | No | No | No | No | No |
Console | Enable Tech Support | Yes | No | No | No | No | No |
Console | Disable Tech Support | Yes | No | Yes | No | No | No |
Console | Enable Primary Administrator | Yes | No | No | No | No | No |
Console | Disable Primary Administrator | Yes | No | Yes | No | No | No |
Console | Restart KMA | No | No | Yes | No | No | No |
Console | Shutdown KMA | No | No | Yes | No | No | No |
Console | Log OKM into Cluster | Quorum | No | No | No | No | No |
Console | Set User's Passphrase | Yes | No | No | No | No | No |
Console | Reset KMA | Yes | No | No | No | No | No |
Console | Show Cluster Root CA Certificate Properties | Yes | Yes | Yes | Yes | Yes | Yes |
Console | Re-key Root CA Certificate | Yes | No | No | No | No | No |
Console | Logout | Yes | Yes | Yes | Yes | Yes | Yes |
Connect | Log In | Yes | Yes | Yes | Yes | Yes | Yes |
Connect | Create Profile | Yes | Yes | Yes | Yes | Yes | Yes |
Connect | Delete Profile | Yes | Yes | Yes | Yes | Yes | Yes |
Connect | Set Config Settings | Yes | Yes | Yes | Yes | Yes | Yes |
Connect | Disconnect | Yes | Yes | Yes | Yes | Yes | Yes |
Key Split Credentials | List | Yes | No | No | No | No | No |
Key Split Credentials | Modify | Quorum | No | No | No | No | No |
Autonomous Unlock | List | Yes | No | No | No | No | No |
Autonomous Unlock | Modify | Quorum | No | No | No | No | No |
Lock/Unlock KMA | List Status | Yes | Yes | Yes | Yes | Yes | No |
Lock/Unlock KMA | Lock | Yes | No | No | No | No | No |
Lock/Unlock KMA | Unlock | Quorum | No | No | No | No | No |
Site | Create | Yes | No | No | No | No | No |
Site | List | Yes | No | Yes | No | No | No |
Site | Modify | Yes | No | No | No | No | No |
Site | Delete | Yes | No | No | No | No | No |
Security Parameters | List | Yes | Yes | Yes | Yes | Yes | No |
Security Parameters | Modify | Yes | No | No | No | No | No |
KMA | Create | Quorum | No | No | No | No | No |
KMA | List | Yes | No | Yes | No | No | No |
KMA | Modify | Quorum | No | No | No | No | No |
KMA | Delete | Yes | No | No | No | No | No |
User | Create | Quorum | No | No | No | No | No |
User | List | Yes | No | No | No | No | No |
User | Modify | Yes | No | No | No | No | No |
User | Modify Passphrase | Quorum | No | No | No | No | No |
User | Delete | Yes | No | No | No | No | No |
Role | Add | Quorum | No | No | No | No | No |
Role | List | Yes | No | No | No | No | No |
Key Policy | Create | No | Yes | No | No | No | No |
Key Policy | List | No | Yes | No | No | No | No |
Key Policy | Modify | No | Yes | No | No | No | No |
Key Policy | Delete | No | Yes | No | No | No | No |
Key Group | Create | No | Yes | No | No | No | No |
Key Group | List | No | Yes | Yes | No | No | No |
Key Group | List Data Units | No | Yes | Yes | No | No | No |
Key Group | List Agents | No | Yes | Yes | No | No | No |
Key Group | Modify | No | Yes | No | No | No | No |
Key Group | Delete | No | Yes | No | No | No | No |
Agent | Create | No | No | Yes | No | No | No |
Agent | List | No | Yes | Yes | No | No | No |
Agent | Modify | No | No | Yes | No | No | No |
Agent | Modify Passphrase | No | No | Yes | No | No | No |
Agent | Delete | No | No | Yes | No | No | No |
Agent/Key Group Assignment | List | No | Yes | Yes | No | No | No |
Agent/Key Group Assignment | Modify | No | Yes | No | No | No | No |
Data Unit | Create | No | No | No | No | No | No |
Data Unit | List | No | Yes | Yes | No | No | No |
Data Unit | Modify | No | No | Yes | No | No | No |
Data Unit | Modify Key Group | No | Yes | No | No | No | No |
Data Unit | Delete | No | No | No | No | No | No |
Keys | List Data Unit Keys | No | Yes | Yes | No | No | No |
Keys | Destroy | No | No | Yes | No | No | No |
Keys | Compromise | No | Yes | No | No | No | No |
Transfer Partners | Configure | Quorum | No | No | No | No | No |
Transfer Partners | List | Yes | Yes | Yes | No | No | No |
Transfer Partners | Modify | Quorum | No | No | No | No | No |
Transfer Partners | Delete | Yes | No | No | No | No | No |
Key Transfer Keys | List | Yes | No | No | No | No | No |
Key Transfer Keys | Update | Yes | No | No | No | No | No |
Transfer Partner Key Group Assignments | List | No | Yes | Yes | No | No | No |
Transfer Partner Key Group Assignments | Modify | No | Yes | No | No | No | No |
Backup | Create | No | No | No | Yes | No | No |
Backup | List | Yes | Yes | Yes | Yes | No | No |
Backup | List Backups with Destroyed Keys | No | Yes | Yes | No | No | No |
Backup | Restore | Quorum | No | No | No | No | No |
Backup | Confirm Destruction | No | No | No | Yes | No | No |
Core Security Backup | Create | Yes | No | No | No | No | No |
SNMP Manager | Create | Yes | No | No | No | No | No |
SNMP Manager | List | Yes | No | Yes | No | Yes | No |
SNMP Manager | Modify | Yes | No | No | No | No | No |
SNMP Manager | Delete | Yes | No | No | No | No | No |
Audit Event | View | Yes | Yes | Yes | Yes | Yes | No |
Audit Event | View Agent History | No | Yes | Yes | No | No | No |
Audit Event | View Data Unit History | No | Yes | Yes | No | No | No |
Audit Event | View Data Unit Key History | No | Yes | Yes | No | No | No |
System Dump | Create | Yes | No | Yes | No | No | No |
System Time | List | Yes | Yes | Yes | Yes | Yes | No |
System Time | Modify | Yes | No | No | No | No | No |
NTP Server | List | Yes | Yes | Yes | Yes | Yes | No |
NTP Server | Modify | Yes | No | No | No | No | No |
Software Version | List | Yes | Yes | Yes | Yes | Yes | No |
Software Version | Upgrade | No | No | Quorum | No | No | No |
Software Version | Delete | No | No | Yes | No | No | No |
Network Configuration | Display | Yes | Yes | Yes | Yes | Yes | No |
Pending Quorum Operation | Approve | No | No | No | No | No | Quorum |
Pending Quorum Operation | Delete | Yes | No | No | No | No | No |
Key List | Query | No | Yes | Yes | No | No | No |
Key List | List Activity History | No | Yes | Yes | No | No | No |
Agent Performance List | Query | No | Yes | Yes | No | No | No |
KMA Performance List | Query | Yes | Yes | Yes | Yes | Yes | Yes |
Current Load | Query | Yes | Yes | Yes | Yes | Yes | Yes |
Remote Syslog | List | Yes | No | No | No | Yes | No |
Remote Syslog | Create | Yes | No | No | No | No | No |
Remote Syslog | Modify | Yes | No | No | No | No | No |
Remote Syslog | Delete | Yes | No | No | No | No | No |
Remote Syslog | Test | Yes | No | No | No | No | No |
Hardware Management Pack | Download MIB Bundle | Yes | No | No | No | No | No |
Hardware Management Pack | Get Status | Yes | No | No | No | Yes | No |
Hardware Management Pack | Enable | Yes | No | No | No | No | No |
Hardware Management Pack | Disable | Yes | No | No | No | No | No |
Hardware Management Pack | Test | Yes | No | No | No | No | No |
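
Because a user can have more than one role, a review of role assignments has to combine the table's columns per user. The following is an added example, not part of the OKM documentation or product: it parses rows in the table's column order, computes a user's effective entry for each operation, and flags users whose combined roles can both start a quorum-gated operation and approve pending quorum operations. The function names, the "most permissive entry wins" rule, the review rule and the sample users are assumptions made for illustration.

```python
# Added example (not OKM code): audit multi-role users against Table 8-1 rows.
ROLES = ["Security Officer", "Compliance Officer", "Operator",
         "Backup Operator", "Auditor", "Quorum Member"]

# Six rows copied from Table 8-1, in its pipe-separated column order.
TABLE_EXCERPT = """
User | Create | Quorum | No | No | No | No | No |
Key Split Credentials | Modify | Quorum | No | No | No | No | No |
Keys | Destroy | No | No | Yes | No | No | No |
Backup | Create | No | No | No | Yes | No | No |
Audit Event | View | Yes | Yes | Yes | Yes | Yes | No |
Pending Quorum Operation | Approve | No | No | No | No | No | Quorum |
"""

RANK = {"No": 0, "Quorum": 1, "Yes": 2}  # assumption: most permissive entry wins
APPROVE = ("Pending Quorum Operation", "Approve")


def parse_matrix(text):
    """Return {(entity, operation): {role: 'Yes' | 'No' | 'Quorum'}}."""
    matrix = {}
    for line in text.strip().splitlines():
        cells = [c.strip() for c in line.strip().rstrip("|").split("|")]
        entity, operation, *values = cells
        if len(values) != len(ROLES) or any(v not in RANK for v in values):
            raise ValueError(f"malformed row: {line!r}")
        matrix[(entity, operation)] = dict(zip(ROLES, values))
    return matrix


def effective(matrix, roles):
    """Combine a user's roles: keep the most permissive entry per operation."""
    unknown = set(roles) - set(ROLES)
    if unknown:
        raise ValueError(f"unknown roles: {sorted(unknown)}")
    return {op: max((row[r] for r in roles), key=RANK.get, default="No")
            for op, row in matrix.items()}


def initiates_and_approves(matrix, roles):
    """True if the combined roles can start a quorum-gated operation and
    also approve pending quorum operations (hypothetical review rule)."""
    eff = effective(matrix, roles)
    can_approve = eff.get(APPROVE, "No") != "No"
    can_initiate = any(v == "Quorum" for op, v in eff.items() if op != APPROVE)
    return can_approve and can_initiate


# Constructed sample assignments, not taken from a real cluster.
USERS = {"alice": ["Security Officer", "Quorum Member"], "bob": ["Operator", "Backup Operator"]}
FLAGGED = [u for u, r in USERS.items() if initiates_and_approves(parse_matrix(TABLE_EXCERPT), r)]
```

To run the check against the whole matrix, pass every data row of Table 8-1 to `parse_matrix` in place of the excerpt.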