Default user roles, user groups, and users

When you install IBM® Security Guardium® Key Lifecycle Manager, some users, user groups, and user roles are available out-of-the-box in WebSphere® Application Server Liberty. Users in the default user groups can have a set of permissions that allow them to perform specific operations in IBM Security Guardium Key Lifecycle Manager.

Default roles

The following list provides the default user roles in IBM Security Guardium Key Lifecycle Manager and their associated tasks:
BRCD_ENCRYPTOR
Perform key management actions on BRCD_ENCRYPTOR storage systems.
DS5000
Perform key management actions on DS5000 storage servers.
DS8000®
Perform key management actions on DS8000 storage servers.
DS8000_TCT
Perform key management actions on DS8000 transparent cloud tiering (TCT) storage servers.
ETERNUS_DX
Perform key management actions on hybrid storage systems.
GENERIC
Perform key management actions on Generic storage devices.
GPFS
Perform key management actions on Spectrum Scale storage servers.
IBM_SYSTEM_X_SED
Perform key management actions on self-encrypting drives.
klmAdminDeviceGroup
Manage administrative operations for a device group.
klmAudit
View audit data.
klmBackup
Create and delete a backup of data.
klmClientUser
Manage clients and their cryptographic objects by using the IBM Security Guardium Key Lifecycle Manager REST APIs.
klmConfigure
Read or change properties, or act on certificates.
klmCreate
Create objects.
klmDelete
Delete objects.
klmFileTransfer
Upload files to or download files from the IBM Security Guardium Key Lifecycle Manager server by using the graphical user interface or REST interface.
klmGet
Export a key or certificate.
klmModify
Modify objects.
klmRestore
Restore a previous backup copy of data.
klmSecurityOfficer
Perform all IBM Security Guardium Key Lifecycle Manager administrative operations. This role has superuser access rights.
klmView
View objects.
LTO
Perform actions on LTO tape drives.
ONESECURE
Perform key management actions on devices that use OneSecure technology.
PEER_TO_PEER
Perform key management actions on Peer-to-peer storage systems.
(Deprecated) suppressmonitor
Hide other tasks on the WebSphere Integrated Solutions Console.
TS3592
Perform key management actions on TS3592 drives.
XIV®
Perform key management actions on XIV storage systems.

Default user groups and users

The following table provides a list of default user groups, their associated default roles, and any default users.
Table 1. Default IBM Security Guardium Key Lifecycle Manager user groups, roles, and users

Default user group | Default user role | Default user
LTOAdmin | LTO, klmAudit, klmBackup, klmModify, klmConfigure, klmDelete, klmView, klmCreate, suppressmonitor, klmGet | -
LTOAuditor | LTO, klmAudit, klmView, suppressmonitor | -
LTOOperator | LTO, klmBackup, klmModify, klmView, klmCreate, suppressmonitor | -
PRIMARYADMINID | Auditor | -
SERVERID | Auditor | -
klmBackupRestoreGroup | klmBackup, klmRestore, suppressmonitor | -
klmGUICLIAccessGroup | suppressmonitor, Monitor | SKLMAdmin
klmSecurityOfficer | klmConfigure | -
klmSecurityOfficerGroup | klmSecurityOfficer, klmFileTransfer, suppressmonitor | SKLMAdmin

Table 2. Topic change log

Date | Change description
08 Oct 2021 | Removed these roles from the default roles list: Admin Security Manager, Administrator, Auditor, Configurator, Deployed, Operator, Monitor, ISC Admins
10 Sept 2021 | Initial version.