Owners

Members of the Owners role can perform all supported PKIaaS operations.

Subscription management

Members of the Owners role can perform all subscription management operations.

Operation	Authorized
Checking your subscriptions	✔
Assigning subscriptions to partitions	✔

Members of the Owners role can perform all user management operations.

Operation	Authorized
Inviting users	✔
Managing roles	✔

Members of the Owners role can perform all CA management operations.

Operation	Authorized
Browsing CAs	✔
Creating a root authority	✔
Creating an intermediate subordinate authority	✔
Creating an issuing subordinate authority	✔
Importing an external root authority	✔
Downloading a CA certificate	✔
Selecting CA profiles	✔
Deleting a CA	✔

Members of the Owners role can perform all certificate management operations.

Operation	Authorized
Browsing certificates	✔
Issuing a certificate from CSR	✔
Issuing a certificate in a PKCS #12	✔
Changing the certificate status	✔
Downloading certificates	✔

Members of the Owners role can perform all the enrollment automation operations.

Operation	Authorized
Configuring ACME in PKIaaS	✔
Configuring Intune in PKIaaS	✔
Configuring Jamf in PKIaaS	✔
Configuring Workspace ONE in PKIaaS	✔
Configuring Ivanti in PKIaaS	✔
Configuring MDM IBM MaaS360 in PKIaaS	✔

Members of the Owners role can perform all the eForm enrollment operations.

Operation	Authorization
Creating eForm TLS enrollment workflows	✔
Requesting eForm TLS entities	✔
Approving and managing eForm TLS entities	✔
Downloading eForm TLS entity certificates	✔

Members of the Owners role can perform the operation described in Managing CA Gateway credentials.