LTOAdmin group

You can use membership in the LTOAdmin group to administer devices in the LTO device family with actions that include create, view, modify, delete, get (export), back up, and configure.

This group includes the following permissions:

Table 1. Permissions for actions
Permission Enables these actions
LTO LTO device family
klmCreate Create but not view, modify, or delete objects.
klmDelete Delete objects, but not view, modify, or create objects.
klmGet Export a key or certificate for a client device.
klmModify Modify objects, but not view, create, or delete objects.
klmView View objects, but not create, delete, or modify objects.
klmAudit View audit data by using the tklmServedDataList command.
klmBackup Create and delete a backup of IBM® Security Guardium® Key Lifecycle Manager data.
klmConfigure Read and change IBM Security Guardium Key Lifecycle Manager configuration properties, or act on TLS certificate.