Installing IBM® Security Guardium® Key Lifecycle Manager creates the
SKLMAdmin user ID, which has the
klmSecurityOfficer role as the default super user.
A permission from IBM Security Guardium Key Lifecycle Manager enables an action or the use of a device group. A role in IBM Security Guardium Key Lifecycle Manager is one or more permissions.
- Installation assigns the
klmSecurityOfficerrole to this group. The
klmSecurityOfficerrole replaces the previous
klmApplicationRolerole in the group that was named
- Back up and restore IBM Security Guardium Key Lifecycle Manager.
- Administer devices in the LTO device family with actions that include create, view, modify, delete, get (export), back up, and configure.
- Operate devices in the LTO device family with actions that include create, view, modify, and back up.
- Audit devices in the LTO device family with actions that include view and audit.
- Provides IBM Security Guardium Key Lifecycle Manager graphical user interface
access to the users. Every product user must be a part of this group.Note: Along with this access to the group, the users must be provided other accesses to be a functional product user.
- IBM Security Guardium Key Lifecycle Manager global configuration parameters that are defined in the SKLMConfig.properties file.
- The key server status and last backup date.
|Permission||Enables these actions||Unrelated to device groups||Associated with device groups|
||Create but not view, modify, or delete objects.|
||Delete objects, but not view, modify, or create objects.|
||Export a key or certificate for a client device.|
||Modify objects, but not view, create, or delete objects.|
||View objects, but not create, delete, or modify objects. For example, you must have this permission to see the tasks you want to do on the graphical user interface.|
||Administer. Create a device group, set default parameters, view, delete an empty device group. This permission does not provide access to devices, keys, or certificates.|
||View audit data.|
||Create and delete a backup of IBM Security Guardium Key Lifecycle Manager data.|
||Read and change IBM Security Guardium Key Lifecycle Manager configuration properties, or act on TLS certificate. Add, view, update, or delete the keystore.|
||Restore a previous backup copy of IBM Security Guardium Key Lifecycle Manager data.|
klmSecurityOfficer role also has root access to permissions for all device
|Permission||Allows actions on these objects|
||LTO device family|
||3592 device family|
||DS5000 device family|
||DS8000 device family|
||BRCD_ENCRYPTOR device group|
||ONESECURE device group|
||ETERNUS_DX device group|
||XIV® device group|
||IBM_SYSTEM_X_SED device group|
||GPFS device family|
||Objects in the GENERIC device family.|
|userdevicegroup||A user-defined instance such as