ADSS Web RA supports granular Role-Based Access Control (RBAC) with fine-grained authorization, i.e. read, add/edit, and delete access on the different Admin modules and sub-modules. Based on your administration requirements, you can create multiple roles, each granting access to specific modules, and assign them to Admin RAOs and Enterprise RAOs so that each operator gets only restricted access to the system.

How It Works


  1. In a production environment, the Enterprise Operator's role should allow only the following modules:
    • Enterprises
    • Users
    • Vetting & Approvals
    • Certificates
  2. When creating an Enterprise Operator, assign the role created for it and allow only the Enterprise(s) that he is supposed to manage
  3. An Enterprise Operator can only see the enterprises that are assigned to him
  4. An Enterprise Operator can only see the vetting requests, users and certificates of the enterprise(s) that are assigned to him
  5. If Vetting is enabled and some ADSS Profiles exist with the option "Only admins can vet certificate requests for this profile" enabled, then the following rules apply:
    • An Admin RAO can see:
      • List of all enterprises
      • List of all users regardless of their affiliation to any enterprise
      • Only high assurance certificate requests (for which "Only Admins can vet certificate request..." is enabled in the ADSS Profile)
      • List of all certificates regardless of the enterprise affiliation
    • An Enterprise RAO can see:
      • Only enterprises assigned to him
      • Only users that belong to his enterprises
      • Only certificate requests submitted by his enterprise users
      • Only certificates issued by his enterprises
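
The scoping rules above, modelled as an added example (this is not ADSS Web RA code or its API): it checks an Enterprise Operator role against the four-module production allowlist and computes which enterprises and certificate requests each operator type can see. The class names, the "admin"/"enterprise" kinds, the "Configurations" module name and all sample data are constructed; the page does not say whether admin-only requests are hidden from an Enterprise RAO, so the model does not filter them out.

```python
from dataclasses import dataclass

# Modules the page allows in an Enterprise Operator role in production.
ALLOWED_ENTERPRISE_MODULES = {"Enterprises", "Users", "Vetting & Approvals", "Certificates"}

@dataclass(frozen=True)
class Operator:                      # hypothetical model, not an ADSS type
    kind: str                        # "admin" or "enterprise"
    role_modules: frozenset
    enterprises: frozenset = frozenset()   # enterprises assigned to the operator

@dataclass(frozen=True)
class CertRequest:                   # hypothetical model of a vetting request
    req_id: str
    enterprise: str
    admin_only_vetting: bool         # profile has "Only admins can vet ..." enabled

def excess_modules(op):
    """Modules an Enterprise Operator role grants beyond the production allowlist."""
    if op.kind != "enterprise":
        return set()
    return set(op.role_modules) - ALLOWED_ENTERPRISE_MODULES

def visible_enterprises(op, all_enterprises):
    """Admin RAO: every enterprise. Enterprise RAO: only the assigned ones."""
    if op.kind == "admin":
        return sorted(all_enterprises)
    return sorted(set(all_enterprises) & op.enterprises)

def visible_requests(op, requests):
    """Admin RAO: admin-only-vetting requests. Enterprise RAO: own enterprises' requests."""
    if op.kind == "admin":
        return [r.req_id for r in requests if r.admin_only_vetting]
    return [r.req_id for r in requests if r.enterprise in op.enterprises]

# Constructed sample data.
ENTERPRISES = ["Acme", "Globex", "Initech"]
REQUESTS = [CertRequest("R1", "Acme", False), CertRequest("R2", "Acme", True),
            CertRequest("R3", "Globex", False), CertRequest("R4", "Initech", True)]
ADMIN = Operator("admin", frozenset(ALLOWED_ENTERPRISE_MODULES | {"Configurations"}))
ACME_RAO = Operator("enterprise", frozenset(ALLOWED_ENTERPRISE_MODULES), frozenset({"Acme"}))
# Misconfigured role: grants a module outside the allowlist ("Configurations" is a made-up name).
WIDE_RAO = Operator("enterprise", frozenset({"Users", "Configurations"}), frozenset({"Globex"}))

if __name__ == "__main__":
    for label, op in [("admin", ADMIN), ("acme", ACME_RAO), ("wide", WIDE_RAO)]:
        print(label, visible_enterprises(op, ENTERPRISES),
              visible_requests(op, REQUESTS), excess_modules(op))
```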