Creating a role

A role defines permissions and other characteristics of the users assigned to that role.

To create a role, complete the following steps:
  1. From the Access Control menu, click Roles. A list of currently defined roles is displayed.
  2. Select New to display the Role Management window. At any time in the process, click List to return to the list of currently defined roles.
    Figure 1. Role Management window
  3. Define the role by using the following parameters:
    Role ID
    A character string that defines the name of the role. This name is contained in each user profile that is associated with this role.
    Comment
    An optional character string to describe the role.
    Required authentication strength
    When a user logs on, the strength of the authentication provided is compared to the strength level required for the role. If the authentication strength is less than that required, the user cannot log on. Currently only the passphrase authentication method is supported. Use a strength of 50.
    Valid times and valid days
    The times and days when the user can log on. These times are in Coordinated Universal Time (UTC). If you are not already familiar with the access control system, see the chapter about the access control system in the IBM CCA Basic Services Reference and Guide for the IBM® 4767 PCIe Cryptographic Coprocessors manual.
    Restricted operations and permitted operations
    A list defining the commands the role is allowed to use.

    Each CCA API verb might require one or more commands to obtain service from the coprocessor. The user requesting service must be assigned to a role that permits the commands needed to run the verb.

    For more information about CCA verb calls and commands, refer to the IBM CCA Basic Services Reference and Guide for the IBM 4767 and IBM 4765 PCIe Cryptographic Coprocessors manual.

  4. Click Save to save the role to disk.
  5. Click Load to load the role into the coprocessor.
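
Because valid times and valid days are entered in UTC, a local working-hours window can shift onto different days or span UTC midnight. The following is an added planning example, not IBM code: it converts a local window to the UTC values to enter and models the two logon rules described above. The function names, the dictionary layout, and the sample offsets are assumptions made for illustration.

```python
from datetime import date, datetime, time, timedelta, timezone

DAYS = ["Mon", "Tue", "Wed", "Thu", "Fri", "Sat", "Sun"]
REF_MONDAY = date(2024, 1, 1)  # a Monday; used only for weekday arithmetic


def local_window_to_utc(start, end, days, utc_offset_hours):
    """Convert a local logon window into UTC values for a role.

    Returns (utc_start, utc_end, utc_days, crosses_midnight). The offset is
    fixed, so recompute when daylight saving time changes the local offset.
    """
    if not days:
        raise ValueError("at least one valid day is required")
    tz = timezone(timedelta(hours=utc_offset_hours))
    utc_days, crosses = set(), False
    for name in days:
        day = REF_MONDAY + timedelta(days=DAYS.index(name))
        s = datetime.combine(day, start, tz).astimezone(timezone.utc)
        e = datetime.combine(day, end, tz).astimezone(timezone.utc)
        utc_days.update((DAYS[s.weekday()], DAYS[e.weekday()]))
        crosses = crosses or s.date() != e.date()
    return s.time(), e.time(), [d for d in DAYS if d in utc_days], crosses


def may_log_on(role, auth_strength, now_utc):
    """Model of the logon rules on this page (hypothetical dict layout)."""
    if auth_strength < role["required_strength"]:
        return False  # authentication weaker than the role requires
    if DAYS[now_utc.weekday()] not in role["valid_days"]:
        return False  # not a valid day, judged in UTC
    return role["start"] <= now_utc.time() <= role["end"]


if __name__ == "__main__":
    weekdays = DAYS[:5]
    # Constructed sample: 09:00-17:00 local at UTC-5, then 08:00-17:00 at UTC+9.
    print(local_window_to_utc(time(9), time(17), weekdays, -5))
    print(local_window_to_utc(time(8), time(17), weekdays, 9))
    start, end, days, _ = local_window_to_utc(time(9), time(17), weekdays, -5)
    role = {"required_strength": 50, "start": start, "end": end,
            "valid_days": days}
    # 13:00 UTC on a Wednesday is 08:00 local, before the window opens.
    print(may_log_on(role, 50, datetime(2024, 1, 3, 13, 0, tzinfo=timezone.utc)))
```

In the UTC+9 case the window starts on the previous UTC day and crosses UTC midnight, so check how the role's valid days and times treat that window before you save and load the role.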