Enrollment Workflow Auditors

Members of the Enrollment Workflow Auditors role can perform the following operations.

Subscription management

Members of the Enrollment Workflow Auditors role cannot manage subscriptions.

Operation	Authorized
Checking your subscriptions	❌
Assigning subscriptions to partitions	❌

Members of the Enrollment Workflow Auditors role cannot manage users.

Operation	Authorized
Inviting users	❌
Managing roles	❌

Members of the Enrollment Workflow Auditors role can perform the following CA management operations.

Operation	Authorized
Browsing CAs	✔
Creating a root authority	❌
Creating an intermediate subordinate authority	❌
Creating an issuing subordinate authority	❌
Importing an external root authority	❌
Downloading a CA certificate	❌
Selecting CA profiles	❌
Deleting a CA	❌

Members of the Enrollment Workflow Auditors role can perform the following certificate management operations.

Operation	Authorized
Browsing certificates	✔
Issuing a certificate from CSR	❌
Issuing a certificate in a PKCS #12	❌
Changing the certificate status	❌
Downloading certificates	✔

Members of the Enrollment Workflow Auditors role can only inspect the enrollment configuration.

Operation	Authorized
Configuring ACME in PKIaaS	Read-only
Configuring Intune in PKIaaS	Read-only
Configuring Jamf in PKIaaS	Read-only
Configuring Workspace ONE in PKIaaS	Read-only
Configuring Ivanti in PKIaaS	Read-only
Configuring MDM IBM MaaS360 in PKIaaS	Read-only

Members of the Enrollment Workflow Auditors role can perform the following eForm enrollment operations

Operation	Authorization
Creating eForm TLS enrollment workflows	❌
Requesting eForm TLS entities	❌
Approving and managing eForm TLS entities	❌
Downloading eForm TLS entity certificates	✔

Members of the Enrollment Workflow Auditors role cannot perform the operation described in Managing CA Gateway credentials.