Predefined Role Templates

EJBCA provides default Role Templates designed to cover most use cases and be easily extendable. If none of these fit your needs, you can create a custom role using the Custom template and manually configure the role in Advanced Mode.

For a full list of access rules, see Access Rules.

Role Template Name

Rights

Super Administrator

  • Has overall access to EJBCA

  • Can edit system configuration

  • Can manage CAs

  • Can manage publishers (LDAP, AD, custom)

  • Can create CA administrators

CA Administrator

  • manages certificate profiles

  • manages end entity profiles

  • manages log configuration

  • manages publishers

  • manages key validators

  • can create RA administrators

  • can renew a CA using an existing key

  • can have full read access to the audit log

CA Administrators are not authorized to generate new keys, only renew using existing ones.

RA Administrator

  • can create end entities

  • can modify end entities

  • can revoke end entities

  • can delete end entities

  • can view existing end entities and their history

  • can have full read access to the audit log

Supervisor

  • has full read access to the Audit log

  • can search for and view end entities

  • can view certificates

Auditor

  • has full read access to the Audit Log

  • has full read access to authorized CAs

  • has full read access to authorized Certificate Profiles

  • has full read access to Crypto Tokens and keys

  • has full read access to authorized Publishers

  • has full read access to authorized End Entities

  • has full read access to authorized End Entity Profiles

  • has full read access to authorized Key Validators

  • has limited read access to Roles and Access Rules

  • has full read access to Internal Key Bindings

  • has full read access to Peer Systems

  • has full read access to Services

  • has full read access to SCEP aliases and authorized CMP aliases

  • has full read access to all system configuration