Default user roles, user groups, and users
When you install IBM Security Guardium Key Lifecycle Manager, some users, user groups, and user roles are available out-of-the-box in WebSphere Application Server Liberty. Users in the default user groups can have a set of permissions that allow them to perform specific operations in IBM Security Guardium Key Lifecycle Manager.
Default roles
The following list provides the default user roles in IBM Security Guardium Key Lifecycle Manager and their associated tasks:
- BRCD_ENCRYPTOR
  - Perform key management actions on BRCD_ENCRYPTOR storage systems.
- DS5000
  - Perform key management actions on DS5000 storage servers.
- DS8000®
  - Perform key management actions on DS8000 storage servers.
- DS8000_TCT
  - Perform key management actions on DS8000 transparent cloud tiering (TCT) storage servers.
- ETERNUS_DX
  - Perform key management actions on hybrid storage systems.
- GENERIC
  - Perform key management actions on generic storage devices.
- GPFS
  - Perform key management actions on Spectrum Scale storage servers.
- IBM_SYSTEM_X_SED
  - Perform key management actions on self-encrypting drives.
- klmAdminDeviceGroup
  - Manage administrative operations for a device group.
- klmAudit
  - View audit data.
- klmBackup
  - Create and delete a backup of data.
- klmClientUser
  - Manage clients and their cryptographic objects by using the IBM Security Guardium Key Lifecycle Manager REST APIs.
- klmConfigure
  - Read or change properties, or act on certificates.
- klmCreate
  - Create objects.
- klmDelete
  - Delete objects.
- klmFileTransfer
  - Upload files to or download files from the IBM Security Guardium Key Lifecycle Manager server by using the graphical user interface or REST interface.
- klmGet
  - Export a key or certificate.
- klmModify
  - Modify objects.
- klmRestore
  - Restore a previous backup copy of data.
- klmSecurityOfficer
  - Perform all IBM Security Guardium Key Lifecycle Manager administrative operations. This role has superuser access rights.
- klmView
  - View objects.
- LTO
  - Perform actions on LTO tape drives.
- ONESECURE
  - Perform key management actions on devices that use OneSecure technology.
- PEER_TO_PEER
  - Perform key management actions on peer-to-peer storage systems.
- (Deprecated) suppressmonitor
  - Hide other tasks on the WebSphere Integrated Solutions Console.
- TS3592
  - Perform key management actions on TS3592 drives.
- XIV®
  - Perform key management actions on XIV storage systems.
Default user groups and users
The following table provides a list of default user groups, their associated default roles, and any default users.

Default user group | Default user role | Default user |
---|---|---|
LTOAdmin | LTO, klmAudit, klmBackup, klmModify, klmConfigure, klmDelete, klmView, klmCreate, suppressmonitor, klmGet | - |
LTOAuditor | LTO, klmAudit, klmView, suppressmonitor | - |
LTOOperator | LTO, klmBackup, klmModify, klmView, klmCreate, suppressmonitor | - |
PRIMARYADMINID | Auditor | - |
SERVERID | Auditor | - |
klmBackupRestoreGroup | klmBackup, klmRestore, suppressmonitor | - |
klmGUICLIAccessGroup | suppressmonitor, Monitor | SKLMAdmin |
klmSecurityOfficer | klmConfigure | - |
klmSecurityOfficerGroup | klmSecurityOfficer, klmFileTransfer, suppressmonitor | SKLMAdmin |

Date | Change description |
---|---|
08 Oct 2021 | Removed these roles from the default roles list: Admin Security Manager, Administrator, Auditor, Configurator, Deployed, Operator, Monitor, ISC Admins |
10 Sept 2021 | Initial version. |