Skip to main content

Managing Key Manager Roles

A Key Manager role is a collection of Key Manager permissions. Key Manager roles are used for granting global permissions to Key Manager accounts.

Roles are managed on the Accounts→Roles page.

Key Manager offers the following roles by default:

  • Administrators have all the permissions to the Key Manager system, excluding API access. These accounts should be used primarily for managing Key Manager roles and other administrative accounts.

  • Host Admins have the rights to manage hosts, host groups, and their SSH software configurations.

  • Auditors are able to review Key Manager key activity, jobs, and audit logs.

  • Key Operators manage the authorizations within the managed environment. They can create, authorize, and remove keys.

  • Deployers are able to add new hosts into the managed environment.

  • API Users are allowed to connect to the Key Manager API.

  • User Portal (Maximal): Role for granting all the permissions required by the User Portal API user.

  • User Portal (Minimal): Role for granting the minimal permissions required by the User Portal API user. Does not allow execution of requests submitted with the Direct delegation.

caution

Be careful when modifying roles and their associated permissions. It is possible to remove those permissions that are needed to restore permissions. The superuser account needs to be used to recover from such a situation. For more information about restoring permissions using superuser accounts, see Miscellaneous.