Understanding roles

Trust Protection Platform includes a few predefined roles designed with specific permissions that you can assign to existing users. These roles include the following:

  • Master Admin: grants access to every object, certificate, key, identity, and permission in the system. See About the Master Admin role.

    WARNING!  Use the Master Admin role with extreme caution. Users to whom you assign the Master Admin role have full permissions to every object in the Trust Protection Platform database, including certificates, private keys, and credentials. You cannot hide any objects in the system from users who have been given this role.

  • WebSDK Access: grants users programmatic access to Venafi's Web SDK. See Authorizing identity access for API Keys.

  • Auditor: grants read access to objects that are public, such as certificates, CSRs, and public keys. It also grants read access to certain metadata about objects with higher security requirements, such as private keys. Users with this role can also read and run existing reports. To assign the Auditor role, see Adding the Auditor role to a user or group.

    NOTE  If the Auditor role is assigned to a user, all other permission assignments to that user are ignored.

You can see which roles are assigned to a user identity using the Roles filter on the Inventory > Identities page in Aperture. See Managing role assignments on one or more users or groups.