Role-Based Access Control

It is not only organizations with multiple departments and IT specialists that desire flexibility in regards to the entitlements of their users and the availability of extensive auditing – these are almost always required by the compliance-process.

CertCenter has always offered multi-corporate clients the ability to manage joint users and extend specified rights and competencies to them. Now, this feature has been integrated into the CertCenter Extranet so that all clients have the capability to grant role dependent accent rights to joint users.

Currently the following roles have been set up with regard to their rights:

ADMINISTRATOR
The ADMINISTRATOR role grants complete access to all resources.
READYONLY_ORDERS
The ReadOnly role enables the user to search for certificates and view all related details. Because CertCenter does not accept or display private keys, the ReadOnly role poses no threat to the security of the organization.
PROCUREMENT
The perfect role for an organization’s procurement comprises–in addition to the rights of the above mentioned ReadOnly role – the option to order and manage certificates (with or without Ready Issue). The PROCUREMENT role may also reorder and delete SAN-Hosts, and also add licenses.
CERTIFICATE_MASTER
Inherent to this role are the rights of the PROCUREMENT role, but it’s also equipped with the rights to reissue or retract active certificates, and to cancel orders.
USERMANAGER
The USERMANAGER role enables the user to grant individual rights to, or remove other users, and change passwords.
SUBCUSTOMERS
This role enables the joint user to create new sub-customers (as long as this feature has been activated on your CertCenter Account, e.g. when using the CertCenter White label interface as a larger organization).
PREVALIDATION
The PREVALIDATION role enables the joint user to order and manage pre-authorizations.
ACCOUNTING
The ACCOUNTING role is (if applicable in conjunction with the READONLY_ORDERS role) a perfect fit for accountants. It enables the joint users to view receipts (bills and credit entries), current limits, and pay bills via credit card.
DEVELOPER
The DEVELOPER role encompasses, as a developer, the rights to PROCUREMENT and ACCOUNTING (limits only).
REPORTING
Joint users with the REPORTING role are granted access to the certificate inventory matrix and all additional core data of the organization (e.g. turnovers on CertCenter, invoice amounts, etc.).

 

The mentioned roles may be combined however you like. Multiple selections are possible for every joint user.

In order for the user management tool to appear and be accessible on CertCenter Extranet under your customer account tab, you user profile will need to be updated with either the ADMINISTRATOR or USERMANAGER role.

One of our upcoming articles will deal with auditing functionality based on role-related rights.

am