Setting up key entry and key management users
Set up user accounts that have sufficient privileges to manage data encryption.
If you use KMIP, define a user with the privileges to configure keys and to activate keys. You therefore need at least one user.
If you use the keygen program, define a left key user, a right key user, and a user with activate privileges. You therefore need at least two users.
Key management privileges can be granted to the key holders or any other user account.
- In the user interface, click the Administration tab.
- Select from the navigation menu.
- Click (New user account) to create a new user account.
- The New User Account form is displayed.
- Select a mandator in Mandator association.
- Select the enforce password changes checkbox.
- If the keygen program is used, at least two key holders are required. Each one must have its own user account.
- For the first user, in the Global Privileges section, select left public key entry in the Key entry field.
- Repeat the previous steps and create a second user account. For the second user, select the right public key entry in the Key entry field.
Note: You cannot assign both left and right public key entry privileges to a single user.
- If KMIP is used, in the Global Privileges section, select configures keys in the Key management field.
- To allow the user account to activate any type of master key, select activate keys in the Key management field.
- To allow the user account to rotate master keys, select change masterkey in the Key management field. For more information, see Changing the master key.
- Save the user account.
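After the accounts are saved, the resulting privilege assignments can be checked against the rules above. The following Python audit is an added example, not part of the product or its documentation; the account listing format (user name mapped to a set of privilege names) is an assumption, and the sample accounts are constructed.

```python
"""Audit key-user privilege assignments (added example; the input format is assumed)."""

LEFT = "left public key entry"
RIGHT = "right public key entry"
CONFIGURE = "configures keys"
ACTIVATE = "activate keys"

def audit_key_users(accounts, mode):
    """Return a list of findings; an empty list means the setup follows the rules.

    accounts: dict of user name -> set of privilege names (hypothetical listing).
    mode: "keygen" or "kmip".
    """
    if mode not in ("keygen", "kmip"):
        raise ValueError(f"unknown mode: {mode!r}")

    def holders(privilege):
        return sorted(u for u, privs in accounts.items() if privilege in privs)

    findings = []
    # Split knowledge: one account must never hold both key halves.
    for user in sorted(set(holders(LEFT)) & set(holders(RIGHT))):
        findings.append(f"{user}: holds both left and right key entry")

    if mode == "keygen":
        # keygen needs a left key holder and a right key holder.
        for privilege in (LEFT, RIGHT):
            if not holders(privilege):
                findings.append(f"no account has '{privilege}'")
    elif not holders(CONFIGURE):
        # KMIP needs an account that can configure keys.
        findings.append(f"no account has '{CONFIGURE}'")

    # Both setups need an account that can activate keys.
    if not holders(ACTIVATE):
        findings.append(f"no account has '{ACTIVATE}'")
    return findings

# Constructed sample accounts, not taken from a real system.
SAMPLE_KEYGEN_OK = {"alice": {LEFT, ACTIVATE}, "bob": {RIGHT}}
SAMPLE_KEYGEN_BAD = {"carol": {LEFT, RIGHT}}
SAMPLE_KMIP_OK = {"dave": {CONFIGURE, ACTIVATE}}

if __name__ == "__main__":
    for name, accounts, mode in [("ok", SAMPLE_KEYGEN_OK, "keygen"),
                                 ("bad", SAMPLE_KEYGEN_BAD, "keygen"),
                                 ("kmip", SAMPLE_KMIP_OK, "kmip")]:
        print(name, audit_key_users(accounts, mode) or "no findings")
```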