Menu
▾
▴
Re: [Ejbca-develop] Delegation with Administrator Roles
|
From: Tomas G. <to...@pr...> - 2014-11-11 08:52:45
|
One important thing in profiles are how "available CAs" and "available profiles" are selected. An administrator does not have access to a profile if he/she does not have access to all selected "available" CAs and profiles. Cheers, Tomas ********** PrimeKey Solutions AB Anderstorpsvägen 16, 171 54 Solna, Sweden Mob: +46 (0)707421096 Internet: www.primekey.se Twitter: twitter.com/primekeyPKI ********** On 2014-11-07 10:46, Michael Ströder wrote: > HI! > > (using 6.2) > > I'd like to delegated control (approval, revocation, etc.) for some specific EE > profiles of sub CAs to groups of RA admins. > > Therefore I've created a special sub CA for issuing RA admin certs, let's call > it "CA_RA-Admins" and a EE profile "EE_RA-Admin". > > After that a administrator role was created and certs issued based on > "EE_RA-Admin" were added. > > Access rules were defined granting rights for "Other-Sub-CA" with EE profile > "EE_Others". > > But it does not work. I have to grant rights to "CA_RA-Admins" and the EE > profile "EE_RA-Admin" to make it work. But obviously that's not right. > > Even when issuing certs based EE profile "EE_RA-Admin" with "Other-Sub-CA" it > does not work. > > How do others delegate control to certain administrator roles? > > Ciao, Michael. > > > > ------------------------------------------------------------------------------ > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
