Default System Roles

ADSS Server has the following default roles:

Administrator
Security Officer
Auditor

The table below shows the access rights for these roles. Note all low-level modules are automatically assigned (although not explicitly shown below). Full access means ability to create, read, amend and delete records:

Role Name	Administrator	Security Officer	Auditor
Signing Service	Full Access	Full Access	Transaction Logs
Verification Service	Full Access	Full Access	Transaction Logs
Certification Service	Full Access	Full Access	Transaction Logs
OCSP Service	Full Access	Full Access	Transaction Logs
TSA Service	Full Access	Full Access	Transaction Logs
XKMS Service	Full Access	Full Access	Transaction Logs
SCVP Service	Full Access	Full Access	Transaction Logs
LTANS Service	Full Access	Full Access	Transaction Logs
Go>Sign Service	Full Access	Full Access	Transaction Logs
RA Service	Full Access	Full Access	Transaction Logs
Key Manager	Full Access	Full Access	No Access
Trust Manager	Full Access	Full Access	No Access
CRL Monitor	Full Access	Full Access	No Access
Manage CAs	Full Access	Full Access	No Access
Access Control	Full Access	Full Access	No Access
Client Manager	Full Access	Full Access	No Access
System Logs	Full Access	Full Access	No Access
Server Manager	Full Access	Full Access	No Access
Approval Manager	No Access	Full Access	No Access

A default user named ‘admin’ comes by default with the ADSS Server and is linked with the ‘Administrator’ role. This user can not be deleted from the system and so the role also cannot be deleted from the system either. This is to make sure that the situation does not arise where all users are deleted from the ADSS Server making the system inaccessible. Therefore ADSS Server must have at least one user called ‘admin’. The default certificate for this admin user should be updated and then securely held for emergency use.