Introduction

A user account can be created after the Manager is configured. Three types of accounts are supported.

A local account is created and managed on the Manager. If an external Microsoft Active Directory server is configured, an external account can be registered with the system. An external account can be assigned roles or granted vault permissions after it is registered. External PKI certificates can be used for both appliances and user accounts. The following roles can be assigned to user accounts.

Table 1. User Account Roles in Manager application
Role Access
Super User
  • Performs any system action except data vault access.
  • Initial account, admin, is assigned this role but the role can be assigned to others as well.
System Administrator
  • Monitors and configures system components and change Administration settings.
  • Does not have access to account management or vault data.
Read-Only System Administrator
  • Monitors and configures system components.
  • Does not have access to account management or vault data.
Security Officer
  • Performs any account management activities (creating and deleting accounts and assigning privileges).
  • Cannot monitor or configure system components and cannot access data vaults.
Read-Only Security Officer
  • Performs any account management activities (creating and deleting accounts and assigning privileges).
  • Cannot monitor or configure system components and cannot access data vaults.
Operator
  • Monitors actions within Manager.
  • Does not have access to account management, vault data, or Manager configuration.
Vault Provisioner
  • Creates/deletes vaults by using Provisioning API.
  • Does not grant access to the Manager interface.