Default System Roles
ADSS Server has the following default roles:
- Administrator
- Security Officer
- Auditor
The table below shows the access rights for these roles. Note all low-level modules are automatically assigned (although not explicitly shown below). Full access means ability to create, read, amend and delete records:
Role Name |
Administrator |
Security Officer |
Auditor |
Signing Service |
Full Access |
Full Access |
Transaction Logs |
Verification Service |
Full Access |
Full Access |
Transaction Logs |
Certification Service |
Full Access |
Full Access |
Transaction Logs |
OCSP Service |
Full Access |
Full Access |
Transaction Logs |
TSA Service |
Full Access |
Full Access |
Transaction Logs |
XKMS Service |
Full Access |
Full Access |
Transaction Logs |
SCVP Service |
Full Access |
Full Access |
Transaction Logs |
LTANS Service |
Full Access |
Full Access |
Transaction Logs |
Go>Sign Service |
Full Access |
Full Access |
Transaction Logs |
RA Service |
Full Access |
Full Access |
Transaction Logs |
Key Manager |
Full Access |
Full Access |
No Access |
Trust Manager |
Full Access |
Full Access |
No Access |
CRL Monitor |
Full Access |
Full Access |
No Access |
Manage CAs |
Full Access |
Full Access |
No Access |
Access Control |
Full Access |
Full Access |
No Access |
Client Manager |
Full Access |
Full Access |
No Access |
System Logs |
Full Access |
Full Access |
No Access |
Server Manager |
Full Access |
Full Access |
No Access |
Approval Manager |
No Access |
Full Access |
No Access |
A default user named ‘admin’ comes by default with the ADSS Server and is linked with the ‘Administrator’ role. This user can not be deleted from the system and so the role also cannot be deleted from the system either. This is to make sure that the situation does not arise where all users are deleted from the ADSS Server making the system inaccessible. Therefore ADSS Server must have at least one user called ‘admin’. The default certificate for this admin user should be updated and then securely held for emergency use.. |
See also