Predefined Role Templates

EJBCA provides default Role Templates designed to cover most use cases and be easily extendable.

If none of these fit your needs, you can create a custom role using the Custom template and manually configure the role in Advanced Mode.

The CA Administrator

  • manages certificate profiles

  • manages end entity profiles

  • manages log configuration

  • manages publishers

  • manages key validators

  • can create RA administrators

  • can renew a CA using an existing key
    images/s/en_US/8100/b0984b7297905b7c7bd946458f753ce0130bfc8c/_/images/icons/emoticons/warning.svg Note that CA Administrators are not authorized to generate new keys, only renew using existing ones.

  • can have full read access to the audit log

The RA Administrator

  • can create end entities

  • can modify end entities

  • can revoke end entities

  • can delete end entities

  • can view existing end entities and their history

  • can have full read access to the audit log

Supervisor

  • has full read access to the Audit log

  • can search for and view end entities

  • can view certificates

Auditor

  • has full read access to the Audit Log

  • has full read access to authorized CAs

  • has full read access to authorized Certificate Profiles

  • has full read access to Crypto Tokens and keys

  • has full read access to authorized Publishers

  • has full read access to authorized End Entities

  • has full read access to authorized End Entity Profiles

  • has full read access to authorized Key Validators

  • has limited read access to Administrator Roles

  • has full read access to Internal Key Bindings

  • has full read access to Peer Systems

  • has full read access to Services

  • has full read access to SCEP aliases and authorized CMP aliases

  • has full read access to all system configuration