Entry Rights Needed to Perform Tasks

This listing provides the specific entry rights an administrator needs to manage Novell® Certificate Server tasks within an NDS® tree. These rights are the minimum entry rights needed.

This listing should also be helpful to the administrator who would like to grant rights to another user to manage part or all of company's certificate authority and certificate management needs.

Tasks Entry Rights Needed

Install Novell Certificate Server

For the first installation to an NDS tree:

  • Supervisor at the [Root] of the tree

For subsequent installations:

  • Supervisor to the W0 object

Creating an Organizational CA

  • Supervisor on the Security container

Viewing the Organizational CA's properties and certificates

  • Browse on the Organizational CA's object

Exporting the Organizational CA's certificate(s)

  • Browse on the Organizational CA's object

Issuing a public key certificate

  • Read to the NDSPKI:Private Key on the Organizational CA's object

Backing up and restoring an Organizational CA

  • Supervisor on the Organizational CA's object

Moving the Organizational CA to a different server

  • Supervisor on the Organizational CA's object

Validating the Organizational CA's Certificates

  • Browse on the Organizational CA's object

Replacing the Organizational CA

  • Supervisor on the Organizational CA's object

Deleting the Organizational CA

  • Delete on the Organizational CA's object

Creating Server Certificate objects

  • Supervisor on the server's container

  • Read to the attribute NDSPKI:Private Key on the Organizational CA's object (only if using the Org. CA)

Importing a public key certificate into a Server Certificate object

  • Write to the attribute NDSPKI:Public Key Certificate on the Server Certificate object

  • Write to the attribute NDSPKI:Certificate Chain on the Server Certificate Object

Deleting a Server Certificate object

  • Delete on the Server Certificate object

Exporting a Trusted Root or Public Key Certificate from a Server Certificate object

  • Browse on the Server Certificate object

Viewing the Server Certificate object's properties and certificates

  • Browse on the Server Certificate object

Backing up and restoring a Server Certificate object

  • Supervisor on the server object that owns the Server Certificate object to back-up
  • Create on the server object's container to restore.

Validating Server Certificates

  • Browse on the Server Certificate object

Replacing a server certificate's keying material

  • Write to the attribute NDSPKI:PrivateKey on the server certificate object

Creating user certificates

  • Read to the attribute NDSPKI:Private Key on the Organizational CA object
  • Read and Write to the attribute NDSPKI:userCertificateInfo on the User object
  • Read and Write to the attribute SAS:SecretStore on the User object
  • Read and Write to the attribute userCertificate on the User object

Importing a public key certificate into a User object

  • Read and Write on the attribute NDSPKI:userCertificateInfo on the User object
  • Read and Write to the attribute NDSPKI:userCertificate on the User object

Viewing a user certificate's properties

  • Browse on the User object

Exporting a user certificate using ConsoleOneTM

  • Browse on the User object

Exporting a user's private key and certificate using ConsoleOne

  • You must be logged in as the user.

Deleting a user certificate and private key

  • Read and Write to NDSPKI:userCertificateInfo
  • Read and Write to userCertificate

Validating User Certificates

  • Browse on the User object

Creating a Trusted Root Container

  • Create on the Security container

Creating a Trusted Root object

  • Create on the Trusted Root Container in which the Trusted Root object will reside

Viewing a Trusted Root object's properties

  • Browse on the Trusted Root object

Replacing a trusted root certificate

  • Read and Write to NDSPKI:Not After on the Trusted Root object

  • Read and Write to NDSPKI:Not Before on the Trusted Root object
  • Read and Write to NDSPKI:Subject Name on the Trusted Root object
  • Read and Write to NDSPKI:Trusted Root Certificate on the Trusted Root object

Validating a trusted root certificate

  • Browse on the Trusted Root object

Deleting a Trusted Root object

  • Delete on the Trusted Root object

Creating a CRL Object

  • Create to the container that the cRLDistributionPoint object will be created in

Importing a third-party CRL

  • Write to the attribute certificateRevocationList

Exporting a third-party CRL

  • Read from the attribute certificateRevocationList

Replacing a third-party CRL

  • Browse on the CRL object

Viewing a third-party CRL

  • Browse to the attribute certificateRevocationList

Creating a Security container

  • Create at the root of the eDirectory tree



Previous