Setting up key entry and key management users

Set up user accounts that have sufficient privileges to manage data encryption.

If you use KMIP, define a user with the privilege to configure keys and to activate keys. Therefore, you need at least one user.

If you use the keygen program, define a left key user, a right key user, and a user with activate privileges. Because the activate privilege can be granted to one of the key holders, you need at least two users.

Key management privileges can be granted to the key holders or any other user account.

  1. In the user interface, click the Administration tab.
  2. Select User management > Accounts from the navigation menu.
  3. Click the plus sign icon (New user account) to create a new user account.
  4. The New User Account form is displayed.
    Figure 1. New User Account form
  5. Select a mandator in Mandator association.
  6. Select the enforce password changes checkbox.
  7. If the keygen program is used, at least two key holders are required. Each one must have its own user account.
    1. For the first user, in the Global Privileges section, select left public key entry in the Key entry field.
    2. Repeat the previous steps and create a second user account. For the second user, select right public key entry in the Key entry field.
      Note: You cannot assign both left and right public key entry privileges to a single user.
  8. If KMIP is used, in the Global Privileges section, select configures keys in the Key management field.
  9. To allow the user account to activate any type of master key, select activate keys in the Key management field.
  10. To allow the user account to rotate master keys, select change masterkey in the Key management field. For more information, see Changing the master key.
  11. Save the user account.
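
The privilege rules in this procedure can be checked against a list of accounts after setup. The following is an added example, not part of the original documentation or the product: the function name and the account dictionaries are hypothetical and constructed for illustration, and only the privilege labels are taken from the steps above.

```python
# Privilege labels as written in the procedure above.
LEFT = "left public key entry"
RIGHT = "right public key entry"
CONFIGURE = "configures keys"
ACTIVATE = "activate keys"


def audit_key_accounts(accounts, mode):
    """Check accounts ({user: set of privilege labels}, a hypothetical
    export) against the rules for mode "keygen" or "kmip".
    Returns a list of findings; an empty list means the rules are met."""
    if mode not in ("keygen", "kmip"):
        raise ValueError("mode must be 'keygen' or 'kmip'")

    def holders(privilege):
        return {user for user, privs in accounts.items() if privilege in privs}

    findings = []
    # Both modes need an account that can activate keys.
    if not holders(ACTIVATE):
        findings.append("no account holds 'activate keys'")
    if mode == "kmip":
        if not holders(CONFIGURE):
            findings.append("no account holds 'configures keys'")
        return findings

    # keygen: the two key halves must be entered by different accounts.
    left, right = holders(LEFT), holders(RIGHT)
    both = left & right
    for user in sorted(both):
        findings.append(f"{user}: holds both left and right key entry")
    if not left - both:
        findings.append("no valid left key holder")
    if not right - both:
        findings.append("no valid right key holder")
    return findings


# Constructed sample accounts (not real data).
KEYGEN_OK = {"alice": {LEFT, ACTIVATE}, "bob": {RIGHT}}
KEYGEN_BAD = {"carol": {LEFT, RIGHT}, "dave": {ACTIVATE}}
KMIP_OK = {"kadmin": {CONFIGURE, ACTIVATE}}
KMIP_BAD = {"kadmin": {CONFIGURE}}

if __name__ == "__main__":
    for name, accts, mode in [("keygen ok", KEYGEN_OK, "keygen"),
                              ("keygen bad", KEYGEN_BAD, "keygen"),
                              ("kmip ok", KMIP_OK, "kmip"),
                              ("kmip bad", KMIP_BAD, "kmip")]:
        print(name, "->", audit_key_accounts(accts, mode) or "OK")
```

The first sample shows the two-user minimum for keygen: one key holder also carries the activate privilege.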