Menu
▾
▴
[Ejbca-develop] Delegation with Administrator Roles
|
From: Michael S. <mi...@st...> - 2014-11-07 09:46:47
|
HI! (using 6.2) I'd like to delegated control (approval, revocation, etc.) for some specific EE profiles of sub CAs to groups of RA admins. Therefore I've created a special sub CA for issuing RA admin certs, let's call it "CA_RA-Admins" and a EE profile "EE_RA-Admin". After that a administrator role was created and certs issued based on "EE_RA-Admin" were added. Access rules were defined granting rights for "Other-Sub-CA" with EE profile "EE_Others". But it does not work. I have to grant rights to "CA_RA-Admins" and the EE profile "EE_RA-Admin" to make it work. But obviously that's not right. Even when issuing certs based EE profile "EE_RA-Admin" with "Other-Sub-CA" it does not work. How do others delegate control to certain administrator roles? Ciao, Michael. |
