Approval Manager
The Approval Manager module when licensed provides the option to dually authenticate the add/edit or delete operations using ADSS Server Console. It makes sure that no change is made unnoticed within the ADSS Server Console. When dual control is enabled it means that if one operator performs a configuration operation and creates, edit or deletes any element in any record then that action is left pending until a second operator (the security officer) has approved the operation. Both operators must have suitable privileges to access the Approval Manager. This ensures that critical changes cannot be made without considered approval by two suitably privileged members of staff.
An ADSS Server operator that has access to the Approval Manager is deemed to be a Security Officer role holder, as this privileged role allows the Security Officer to approve or reject operations performed by other operators. Security Officers cannot approve their own operations ensuring that dual control is preserved in all cases. The Security Officer can perform others configurations on ADSS Server depending on the privileges assigned to them. If this is not required then additional privileges should not be assigned.
See also
Getting Started
Concepts & Architecture
ADSS RA Service
ADSS Certification Service
ADSS Signing Service
ADSS Go>Sign Service
ADSS RAS Service
ADSS SAM Service
ADSS CSP Service
ADSS TSA Service
ADSS Verification Service
ADSS OCSP Monitor
ADSS OCSP Service
ADSS SCVP Service
ADSS XKMS Service
ADSS LTANS Service
ADSS HMAC Service
ADSS Decryption Service
ADSS OCSP Repeater Service
ADSS NPKD Service
ADSS SPOC Service
Manage CAs
Key Manager
Trust Manager
ADSS CRL Monitor
Global Settings
Access Control
Client Manager
System Log Viewer
Server Manager
Operational Management
Advanced Configuration