CMS Privileged Users and Groups (Roles)
Appendix
B
Common Criteria Environment: Setup and Operations
683
communicate with the DRM securely, the DRM administrator creates a CA
user in the DRM with the Trusted Manager role. All communications
between the CA and DRM are then made through this special user with the
CA’s certificate over SSL client-authentication and Trusted Manager role
authorization.
OCSP
•
Administrators
❍
Can start/stop server (from the command-line).
❍
Can perform all configuration management for DRM (via the CMS
Console).
❍
Can backup (CMSBackup) and restore (CMSRestore) the subsystem from
the command-line.
•
Online Certificate Status Manager Agents
❍
Can add CRLs (to the OCSP Responder Agent interface via SSL-capable
browsers).
❍
Can define supported CAs (via SSL-capable browsers to the OCSP
Responder Agent interface).
•
Auditors
❍
Can view signed audit logs (via the CMS Console). This is the only role
allowed this privilege.
❍
Can verify audit log signatures by running the AuditVerify tool (from the
IT environment).
About Roles
Of all privileged roles supported by CMS, the Certificate Manager Agents role, the
Registration Manager Agents role, and the DRM Agent Role are the ones that map
directly to the “Officer” role defined in the ST and the CIMC PP. The Online
Certificate Status Manager Agents are a sub-group of the Administrator role
defined in the CIMC PP. The following further specifies this mapping:
Summary of Contents for Certificate Management System 6.1
Page 1: ...Administrator s Guide Netscape Certificate Management System Version6 1 February 2003...
Page 28: ...Documentation 28 Netscape Certificate Management System Administrator s Guide February 2003...
Page 82: ...Uninstalling CMS 82 Netscape Certificate Management System Administrator s Guide February 2003...
Page 382: ...ACL Reference 382 Netscape Certificate Management System Administrator s Guide February 2003...
Page 794: ...Managing Certificates 794 Managing Servers with Netscape Console December 2001...
Page 810: ...The SSL Handshake 810 Managing Servers with Netscape Console December 2001...
Page 828: ...828 Netscape Certificate Management System Administrator s Guide February 2003...