The following list provides the specific entry rights an administrator needs to manage NetIQ Certificate Server tasks within an eDirectory tree. These rights are the minimum entry rights needed.
This list should also be helpful to the administrator who wants to grant rights to another user to manage part or all of company's certificate authority and certificate management needs.
Table B-1 Administrator Entry Rights
Tasks |
Entry Rights Needed |
---|---|
Install NetIQ Certificate Server |
For the first installation to an eDirectory tree:
For subsequent installations:
|
Creating an Organizational CA |
|
Viewing the Organizational CA's properties and certificates |
|
Exporting the Organizational CA's certificate(s) |
|
Issuing a public key certificate |
|
Backing up and restoring an Organizational CA |
|
Moving the Organizational CA to a different server |
|
Validating the Organizational CA's Certificates |
|
Replacing the Organizational CA |
|
Deleting the Organizational CA |
|
Creating Server Certificate objects |
|
Importing a public key certificate into a Server Certificate object |
|
Deleting a Server Certificate object |
|
Exporting a Trusted Root or Public Key Certificate from a Server Certificate object |
|
Viewing the Server Certificate object's properties and certificates |
|
Backing up and restoring a Server Certificate object |
|
Validating Server Certificates |
|
Revoking Server Certificates |
|
Replacing a server certificate's keying material |
|
Creating user certificates |
|
Importing a public key certificate into a User object |
|
Viewing a user certificate's properties |
|
Exporting a user certificate |
|
Exporting a user's private key and certificate |
|
Deleting a user certificate and private key |
|
Validating User Certificates |
|
Revoking User Certificates |
|
Creating a Trusted Root Container |
|
Creating a Trusted Root object |
|
Viewing a Trusted Root object's properties |
|
Replacing a trusted root certificate |
|
Validating a trusted root certificate |
|
Revoking a trusted root certificate |
|
Deleting a Trusted Root object |
|
Creating a CRL Container |
|
Deleting a CRL Container |
|
Creating a CRL Configuration object |
|
Activating a CRL Configuration object |
|
Viewing and/or Modifying a CRL Configuration object's Properties |
Modifying:
Viewing:
|
Deleting a CRL Configuration object |
|
Creating a CRL object |
|
Exporting a CRL file |
|
Replacing a CRL file |
|
Viewing a CRL object's properties |
|
Deleting a CRL object |
|
Creating a Security container |
|
Creating a SAS service object |
|