CA Auditors
Members of the CA Auditors role can perform the following operations.
- Subscription management
- User management
- CA management
- Certificate management
- Enrollment management
- eForm enrollment
- CA Gateway management
Subscription management
Members of the CA Auditors role cannot manage subscriptions.
| Operation | Authorized |
|---|---|
| Checking your subscriptions | ❌ |
| Assigning subscriptions to partitions | ❌ |
User management
Members of the CA Auditors role cannot manage users.
| Operation | Authorized |
|---|---|
| Inviting users | ❌ |
| Managing roles | ❌ |
CA management
Members of the CA Auditors role can perform the following CA management operations.
Certificate management
Members of the CA Auditors role can perform the following certificate management operations.
| Operation | Authorized |
|---|---|
| Browsing certificates | ✔ |
| Issuing a certificate from CSR | ❌ |
| Issuing a certificate in a PKCS #12 | ❌ |
| Changing the certificate status | ❌ |
| Downloading certificates | ✔ |
Enrollment management
Members of the CA Auditors role can only inspect the enrollment configuration.
| Operation | Authorized |
|---|---|
| Configuring ACME in PKIaaS | Read-only |
| Configuring Intune in PKIaaS | Read-only |
| Configuring Jamf in PKIaaS | Read-only |
| Configuring Workspace ONE in PKIaaS | Read-only |
| Configuring Ivanti in PKIaaS | Read-only |
| Configuring MDM IBM MaaS360 in PKIaaS | Read-only |
eForm enrollment
Members of the Certificate Auditors role cannot perform eForm enrollment operations
| Operation | Authorization |
|---|---|
| Creating eForm TLS enrollment workflows | ❌ |
| Requesting eForm TLS entities | ❌ |
| Approving and managing eForm TLS entities | ❌ |
| Downloading eForm TLS entity certificates | ❌ |
CA Gateway management
Members of the CA Auditors role cannot perform the operation described in Managing CA Gateway credentials.