Default user roles, user groups, and users
When you install IBM Guardium Key Lifecycle Manager, some users, user groups, and user roles are available in WebSphere Application Server Liberty. Users in the default user groups can have a set of permissions that allow them to run specific operations in IBM Guardium Key Lifecycle Manager.
Default roles
The default endpoint roles are created automatically when an endpoint with a default name is
created. For example, when you create an endpoint such as LTO, the default user roles are displayed
on the page. The following list provides the default user roles in IBM Guardium Key Lifecycle Manager and their associated tasks:
- klmAdminDeviceGroup
- Manage administrative operations for an endpoint.
- klmAudit
- View audit data.
- klmBackup
- Create and delete a backup of data.
- klmClientUser
- Manage clients and their cryptographic objects by using the IBM Guardium Key Lifecycle Manager REST APIs.
- klmConfigure
- Read or change properties, or act on certificates.
- klmCreate
- Create objects.
- klmDelete
- Delete objects.
- klmFileTransfer
- Upload files to or download files from the IBM Guardium Key Lifecycle Manager server by using the graphical user interface or REST interface.
- klmGet
- Export a key or certificate.
- klmModify
- Modify objects.
- klmRestore
- Restore a previous backup copy of data.
- klmSecurityOfficer
- Perform all IBM Guardium Key Lifecycle Manager administrative operations and has Super user access rights.
- klmView
- View objects.
Default user groups and users
The following table provides a list of default user groups, their associated default roles, and any default users.| Default user group | Default user role | Default user |
|---|---|---|
| LTOAdmin | LTO, klmAudit, klmBackup, klmModify, klmConfigure, klmDelete, klmView, klmCreate, suppressmonitor, klmGet | - |
| LTOAuditor | LTO, klmAudit, klmView, suppressmonitor | - |
| LTOOperator | LTO, klmBackup, klmModify, klmView, klmCreate, suppressmonitor | - |
| klmBackupRestoreGroup | klmBackup, klmRestore, suppressmonitor | - |
| klmGUICLIAccessGroup | suppressmonitor, Monitor | SKLMAdmin |
| klmSecurityOfficerGroup | klmSecurityOfficer, klmFileTransfer, suppressmonitor | SKLMAdmin |