Permissions
This section provides the complete list of permissions required by a CipherTrust Manager user to perform create, read, update, and delete operations on CTE resources.
Create Operations
| Operation | Required Permissions |
|---|---|
| Create CTE client | • CreateClientCTE • ReadClientCTE • ReadProfileCTE |
| Create STANDARD policy with existing policy elements and key | • ReadPolicyCTE • ReadSignatureSetCTE • ReadUserSetCTE • ReadProcessSetCTE • ReadResourceSetCTE • ReadSecurityRuleCTE • ReadClientAndResourceMappingReadCTE • CreatePolicyCTE • CreateKeyRuleCTE • ReadKeyMetaCTE • CreateKeyMetaCTE • UpdateKeyMetaCTE • CreateSecurityRuleCTE • ReadKeyRuleCTE • ReadKey |
Create STANDARD policy with permission to
create policy elements using existing key |• ReadPolicyCTE
• ReadSignatureSetCTE
• ReadUserSetCTE
• ReadProcessSetCTE
• ReadResourceSetCTE
• ReadSecurityRuleCTE
• ReadClientAndResourceMappingReadCTE
• CreatePolicyCTE
• CreateKeyRuleCTE
• ReadKeyMetaCTE
• CreateKeyMetaCTE
• UpdateKeyMetaCTE
• CreateSecurityRuleCTE
• ReadKeyRuleCTE
• ReadKey
• CreateSignatureSetCTE
• CreateUserSetCTE
• CreateProcessSetCTE
• CreateResourceSetCTE
Create client group |• CreateProfileCTE
• ReadProfileCTE
• CreateClientGroupCTE
• ReadClientGroupCTE Create signature set superset |• CreateSignatureSetCTE
• ReadSignatureSetCTE
• ReadClientCTE
• CreateSignatureCTE
• ReadSignatureCTE Create user set superset |• CreateUserSetCTE
• ReadUserSetCTE
• ReadClientCTE Create process set superset |• CreateProcessSetCTE
• ReadProcessSetCTE
• CreateProcessSetSignatureSetAssociationCTE
• CreateSignatureSetCTE
• ReadSignatureSetCTE
• ReadClientCTE
• CreateSignatureCTE
• ReadSignatureCTE Create resource set |• CreateResourceSetCTE
• ReadResourceSetCTE
• ReadClientCTE Create CTE profile |• CreateProfileCTE
• ReadProfileCTE
Create client group - client association |• CreateClientCTE
• ReadClientCTE
• UpdateClientCTE
• CreateClientGroupCTE
• ReadClientGroupCTE
• UpdateClientGroupCTE
• CreateClientGroupClientAssociationCTE
• ReadClientGroupClientAssociationCTE
• UpdateClientGroupClientAssociationCTE
Update Operations
| Operation | Required Permissions |
|---|---|
| Update unregistered client Enable capabilities Reset CTE client password | • ReadClientCTE • UpdateClientCTE |
| Update authentication binaries for client and client group | • ReadClientCTE • UpdateClientCTE • ReadClientGroupCTE • UpdateClientGroupCTE |
| Update CTE policy | • ReadPolicyCTE • ReadSignatureSetCTE • ReadUserSetCTE • ReadProcessSetCTE • ReadResourceSetCTE • ReadSecurityRuleCTE • ReadClientAndResourceMappingReadCTE • CreatePolicyCTE • CreateKeyRuleCTE • ReadKeyMetaCTE • CreateKeyMetaCTE • UpdateKeyMetaCTE • CreateSecurityRuleCTE • ReadKeyRuleCTE • ReadKey • UpdatePolicyCTE • UpdateKeyRuleCTE • UpdateSecurityRuleCTE |
| Update client group | • ReadClientCTE • UpdateClientCTE • ReadClientGroupCTE • UpdateClientGroupCTE • CreateClientGroupClientAssociationCTE • ReadClientGroupClientAssociationCTE • UpdateClientGroupClientAssociationCTE |
| Update signature set | • ReadSignatureSetCTE • ReadClientCTE • CreateSignatureCTE • ReadSignatureCTE • UpdateSignatureSetCTE • UpdateSignatureCTE • ReadClientAndResourceMappingReadCTE |
| Update user set | • ReadUserSetCTE • UpdateUserSetCTE • ReadClientCTE • ReadClientAndResourceMappingReadCTE • ReadClientCTE |
| Update process set | • ReadCTEProcessSet • UpdateCTEProcessSet • CreateCTEProcessSetSignatureSetAssociation • ReadCTEClientAndResourceMappingRead • ReadClientCTE |
| Update resource set | • ReadResourceSetCTE • UpdateResourceSetCTE • ReadClientCTE • ReadCTEClientAndResourceMappingRead |
| Update client profile | • ReadProfileCTE • UpdateProfileCTE |
Read Operations
| Operation | Required Permissions |
|---|---|
| Read CTE client | • ReadClientCTE |
| Read CTE client and its profile | • ReadClientCTE • ReadProfileCTE |
| Read CTE policy | • ReadPolicyCTE • ReadCTEClientAndResourceMappingRead • ReadUserSetCTE • ReadProcessSetCTE • ReadResourceSet • ReadSecurityRuleCTE • ReadKeyRuleCTE |
| Read client group | • ReadClientGroupCTE |
| Read client group and its profile | • ReadClientGroupCTE • ReadProfileCTE |
| Get client group - client association | • ReadClientCTE • ReadClientGroupCTE • ReadClientGroupClientAssociationCTE |
| Read signature set | • ReadSignatureSetCTE |
| Read user set | • ReadUserSetCTE |
| Read process set | • ReadProcessSetCTE |
| Read resource set | • ReadResourceSetCTE |
| Read signature | • ReadSignatureCTE |
| Read CTE profile | • ReadProfileCTE |
Read all reports |• ReadClientsReportCTE
• ReadClientsKeysReportCTE
• ReadClientsProfileReportCTE
• ReadClientsGuardStatusReportCTE
• ReadPolicyKeysReportCTE
• ReadClientsPoliciesReportCTE
• ReadGuardPointsReportCTE
Delete Operations
| Operation | Required Permissions |
|---|---|
| Delete CTE client | • ReadClientCTE • DeleteClientCTE • ReadClientGroupClientAssociationCTE |
| Unenroll CTE client | • ReadClientCTE • UpdateClientCTE • ReadClientsPoliciesReportCTE |
| Delete CTE policy | • DeletePolicyCTE • ReadPolicyCTE |
| Delete client group | • ReadClientGroupCTE • DeleteClientGroupCTE |
| Delete signature set | • ReadSignatureSetCTE • DeleteSignatureSetCTE |
| Delete user set | • ReadUserSetCTE • DeleteUserSetCTE |
| Delete process set | • ReadProcessSetCTE • DeleteProcessSetCTE |
| Delete resource set | • ReadResourceSetCTE • DeleteResourceSetCTE |
| Delete CTE profile | • ReadProfileCTE • DeleteProfileCTE |