Re: [Ejbca-develop] Delegation with Administrator Roles

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Tomas Gustavsson wrote:
> One important thing in profiles are how "available CAs" and "available 
> profiles" are selected. An administrator does not have access to a 
> profile if he/she does not have access to all selected "available" CAs 
> and profiles.

Now the interesting question is what "have access" really means (see my own
follow-up). Obviously the RA admin of another sub CA should not be able to let
the admin CA issue arbitrary certs.

Ciao, Michael.