Overview

The TPS supports the following roles:

  • TPS Administrator

  • TPS Agent

  • TPS Operator

The permissions for each role are defined in the TPS ACL.

A user can have multiple roles. The default TPS admin user has all of the above roles.

TPS Administrator

A TPS administrator is allowed to:

  • manage TPS tokens

  • view TPS certificates and activities

  • manage TPS users and groups

  • manage the general TPS configuration

  • manage TPS authenticators and connectors

  • configure TPS profiles and profile mappings

  • configure TPS audit logging

By default a TPS administrator is allowed to access the following TPS components:

  • Authentication_Sources

  • Subsystem_Connections

  • Profiles

  • Profile_Mappings

The list of accessible components is set by the following property in /var/lib/pki/pki-tomcat/conf/tps/CS.cfg:

target.configure.list=Authentication_Sources,Subsystem_Connections,Profiles,Profile_Mappings
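
When reviewing a deployment, it helps to check whether this property has drifted from the default list above. The following is an added example, not part of the TPS code base: it assumes CS.cfg is plain key=value text and that a later duplicate of a key overrides an earlier one, and the sample input and the name Example_Extra_Component are constructed for illustration.

```python
import sys

# Default component list as documented on this page.
DEFAULT_COMPONENTS = ["Authentication_Sources", "Subsystem_Connections",
                      "Profiles", "Profile_Mappings"]
PROPERTY = "target.configure.list"

# Constructed sample input, not taken from a real CS.cfg.
SAMPLE_CFG = """\
# constructed sample
constructed.example.key=1
target.configure.list=Authentication_Sources, Subsystem_Connections,Profiles,Example_Extra_Component
"""


def read_configure_list(cfg_text):
    """Return the configured component list, or None if the property is absent."""
    value = None
    for line in cfg_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, val = line.partition("=")
        if key.strip() == PROPERTY:
            value = val  # assumption: the last occurrence wins
    if value is None:
        return None
    return [c.strip() for c in value.split(",") if c.strip()]


def audit(cfg_text, baseline=DEFAULT_COMPONENTS):
    """Return (added, removed) relative to the baseline component list."""
    configured = read_configure_list(cfg_text)
    if configured is None:
        raise KeyError(PROPERTY + " not found")
    added = sorted(set(configured) - set(baseline))
    removed = sorted(set(baseline) - set(configured))
    return added, removed


if __name__ == "__main__":
    # With a path argument, audit that file; otherwise audit the sample.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_CFG
    added, removed = audit(text)
    print("added beyond default:", added or "none")
    print("removed from default:", removed or "none")
    sys.exit(1 if added else 0)
```

A non-zero exit status means the administrator role can reach components beyond the documented default, which is worth confirming against the intended separation of duties.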

TPS Agent

A TPS agent is allowed to:

  • configure TPS tokens

  • view TPS certificates and activities

  • change the status of TPS profiles

TPS Operator

A TPS operator is allowed to:

  • view TPS tokens, certificates, and activities
