EJBCA provides default Role Templates designed to cover most use cases and be easily extendable. If none of these fit your needs, you can create a custom role using the Custom template and manually configure the role in Advanced Mode.
For a full list of access rules, see Access Rules.
| Role Template Name | Rights |
| --- | --- |
| Super Administrator | Has overall access to EJBCA; can edit system configuration; can manage CAs; can manage publishers (LDAP, AD, custom); can create CA administrators |
| CA Administrator | Manages certificate profiles; manages end entity profiles; manages log configuration; manages publishers; manages key validators; can create RA administrators; can renew a CA using an existing key; can have full read access to the audit log. CA Administrators are not authorized to generate new keys, only renew using existing ones. |
| RA Administrator | Can create end entities; can modify end entities; can revoke end entities; can delete end entities; can view existing end entities and their history; can have full read access to the audit log |
| Supervisor | Has full read access to the audit log; can search for and view end entities; can view certificates |
| Auditor | Has full read access to the audit log; has full read access to authorized CAs; has full read access to authorized Certificate Profiles; has full read access to Crypto Tokens and keys; has full read access to authorized Publishers; has full read access to authorized End Entities; has full read access to authorized End Entity Profiles; has full read access to authorized Key Validators; has limited read access to Roles and Access Rules; has full read access to Internal Key Bindings; has full read access to Peer Systems; has full read access to Services; has full read access to SCEP aliases and authorized CMP aliases |