Home > Access Control > Roles > Default System Roles

Default System Roles

ADSS Server has the following default roles:

The table below shows the access rights for these roles. Note all low-level modules are automatically assigned (although not explicitly shown below). Full access means ability to create, read, amend and delete records:

Role Name Administrator Security Officer Auditor
Signing Service Full Access Full Access Transaction Logs
Verification Service Full Access Full Access Transaction Logs
Certification Service Full Access Full Access Transaction Logs
OCSP Service Full Access Full Access Transaction Logs
TSA Service Full Access Full Access Transaction Logs
XKMS Service Full Access Full Access Transaction Logs
SCVP Service Full Access Full Access Transaction Logs
LTANS Service Full Access Full Access Transaction Logs
Go>Sign Service Full Access Full Access Transaction Logs
RA Service Full Access Full Access Transaction Logs
Key Manager Full Access Full Access No Access
Trust Manager Full Access Full Access No Access
CRL Monitor Full Access Full Access No Access
Manage CAs Full Access Full Access No Access
Access Control Full Access Full Access No Access
Client Manager Full Access Full Access No Access
System Logs Full Access Full Access No Access
Server Manager Full Access Full Access No Access
Approval Manager No Access Full Access No Access

A default user named ‘admin’ comes by default with the ADSS Server and is linked with the ‘Administrator’ role. This user can not be deleted from the system and so the role also cannot be deleted from the system either. This is to make sure that the situation does not arise where all users are deleted from the ADSS Server making the system inaccessible. Therefore ADSS Server must have at least one user called ‘admin’. The default certificate for this admin user should be updated and then securely held for emergency use.

See also

Creating New Roles