User Roles and User Management
1.1 User Roles
1.2 User Addition
2.1 Create a User
2.2 Generating User Certificates
2.3 Modify User Data
2.4 Delete a User
1. User Management
1.1 User Roles
Key Manager Plus serves as a repository for SSH keys and SSL certificates. To control the management and accessibility of the SSH Keys and SSL certificates in an organization, we have defined three static roles in the Key Manager Plus application. Based on the roles defined to the users, Key Manager Plus control their accessibility and permissions, respectively. The user roles available in Key Manager Plus are:
i. Administrator
The users with the administrator roles can manage all the user accounts, SSH keys, SSH certificates, user groups, and scheduled operations and have access to the audit records and reports in Key Manager Plus.
ii. SSL Power User
Users designated with this role will have elevated privileges to perform complete SSL certificate management capabilities. The few intended behavior of this role are:
- The SSL power user has only access to the SSL-related operations of Key Manager Plus.
- The certificates managed by an SSL power user will not be accessible by another user of the same role unless they are shared.
- If the user of this role is removed or changed to the operator role, the certificates owned by this user will be transferred to the administrator who performs this operation.
- If SSL certificates are shared with a user of this role by an administrator, then both will have privileged permission to manage those certificates.
iii. Operator
Users assigned with the operator role can only view SSH keys and the SSL certificates that are shared with them by the Administrators.
1.2 User Addition
You can add users to Key Manager Plus and create an account for them to access the product in three ways:
2. Adding Users Manually
2.1 Create a User
- Navigate to the Settings >> User Management >> Users tab in the GUI.
- Click the Add User button.
- Enter the First Name, Last Name, Login name, Password, and the E-mail Id of the user.
- Assign role for the new user - Administrator, SSL Power User or Operator.
- If you are selecting the role for the new user as Administrator, you can select and save that.
- If you are assigning the SSL Power User role to the user, select the SSL Certificates, Certificate Groups and Templates that are to be managed by the user.
- If you are assigning the Operator role to the user, you can select whether the user can access SSH user accounts and/or SSL certificates, and, these should be added manually.
- If you are assigning SSL certificates to the user, directly select the certificates. You can also select to Grant permission to the user to sign the certificates which will allow the operator to sign the CSR by default if the Signing Approval Setting is enabled globally.
- For SSH server selection, three options are available:
- Select Specific Users – Click the check boxes available next to a resource name to assign all the user accounts of that resource to the operator. Else, click the arrow next to the checkbox to expand the list of user accounts available in the resource and select individual user accounts to be assigned.
- Resource group – Select the group(s) to be assigned to the operator. The operator is provided access to only those SSH user accounts across all the resource(s) (of the selected resource groups), which have the same name as the login name of the operator.
- User group – Select the group(s) to be assigned to the operator. The operator is provided access to only those SSH user accounts available in the selected user group(s).
- You can simultaneously assign SSH user accounts, and SSL certificates to the same user (operator).
- Click Save.
A pop up message will confirm the addition of a new user to the database.
Note: Only operators need to be assigned the resources and groups for which they need access. Administrators are automatically provided with access to all resources and certificates associated with Key Manager Plus.
2.2 Generate User Certificates
You can also create and sign certificates for Key Manager Plus users based on a root certificate. To generate user certificates,
- Navigate to Settings >> User Management >> Users tab.
- Select the user(s) for which you need to generate a certificate and click Sign.
- In the pop-up that opens, select the root certificate based on which the user certificate(s) need to be signed, specify the SAN and Validity in days.
- By default, the user certificate inherits the same parameters as that of the root certificate. You can modify its details by unchecking the Use root certificate details check-box.
- Click Sign. Separate certificates are generated for the user accounts selected and are consolidated in Key Manager Plus' certificate repository.
You then have to deploy these certificates to their corresponding end-servers. Refer to this section of help for step-by-step explanation on certificate deployment.
2.3 Modify a User Data
To modify the user data:
- Navigate to the Settings >> User Management >> Users tab in the GUI.
- Select a user and click the Edit User button.
- Modify the required fields as desired and click the Save button to update the changes.
You will get a confirmation message that the changes to the user have been updated successfully.
2.4 Delete a User
To delete a user from the Key Manager Plus :
- Navigate to Settings >> User Management >> Users.
- Select the user you would like to delete and click the Delete User button.
You will get a confirmation that the user has been deleted successfully.