To connect and perform operations with a Security Manager CA, CA Gateway requires an administrator profile issued by the Security Manager CA. This profile must have a role with the following permissions.
Permission category | Permissions |
---|---|
Certificates | Administer at least one certificate category. Currently, CA Gateway supports only Enterprise certificate types. |
Certificate Types | Administer at least one certificate type. |
Groups |
|
License Information | View |
Roles |
|
Searchbases |
|
Security Policy |
|
User Templates | Administer at least one template |
User - General |
|
User - Advanced | Change user's role |
Refer to the Security Manager Administration documentation for more details on role configuration.
To create a new role for the administrator profile
- Log in to Security Manager Administration for the Security Manager CA.
- In the tree view, expand Security Policy > Roles.
- Select Policies > Roles > New to create a new role. Alternatively, you can copy the Administrator role because this role includes most of the permissions required for the new role.
- Select Administrator.
- Select Policies > Roles > Selected Role > Copy. A copy of the role appears at the bottom of the list of roles in the tree view, and the new role’s properties appear in the right pane.
- Click the Role tab.
  - In the Unique name field, enter CAGW Admin Role.
  - In the Authorizations field, enter 1.
  - In the User Policy drop-down list, select CAGW Admin Policy. This is the client policy you created earlier.
  - Deselect the End User check box. This check box should already be deselected.
- Click the Permissions tab.
  - Configure the permissions documented in the above table and click Apply.
  - If prompted, authorize the operation. As explained in the Security Manager Administration documentation, the operation may require more than one authorization.
- A Permission Dependencies pop-up dialog may list additional permissions required for the role to function properly. Add these missing permissions to the role.