ADSS Server has the following default roles:

  • Administrator
  • Security Officer
  • Auditor

The table below shows the access rights for these roles. Note all low-level modules are automatically assigned (although not explicitly shown below). Full access means ability to create, read, amend and delete records:

Role Name

Administrator

Security Officer

Auditor

Signing Service

Full Access

Full Access

Transaction Logs

Verification Service

Full Access

Full Access

Transaction Logs

Certification Service

Full Access

Full Access

Transaction Logs

OCSP Service

Full Access

Full Access

Transaction Logs

TSA Service

Full Access

Full Access

Transaction Logs

XKMS Service

Full Access

Full Access

Transaction Logs

SCVP Service

Full Access

Full Access

Transaction Logs

LTANS Service

Full Access

Full Access

Transaction Logs

Go>Sign Service

Full Access

Full Access

Transaction Logs

RA Service

Full Access

Full Access

Transaction Logs

Key Manager

Full Access

Full Access

No Access

Trust Manager

Full Access

Full Access

No Access

CRL Monitor

Full Access

Full Access

No Access

Manage CAs

Full Access

Full Access

No Access

Access Control

Full Access

Full Access

No Access

Client Manager

Full Access

Full Access

No Access

System Logs

Full Access

Full Access

No Access

Server Manager

Full Access

Full Access

No Access

Approval Manager

No Access

Full Access

No Access



A default user named ‘admin’ comes by default with the ADSS Server and is linked with the ‘Administrator’ role. This user can not be deleted from the system and so the role also cannot be deleted from the system either. This is to make sure that the situation does not arise where all users are deleted from the ADSS Server making the system inaccessible. Therefore ADSS Server must have at least one user called ‘admin’. The default certificate for this admin user should be updated and then securely held for emergency use..


See also

Creating New Roles