Managing Roles and Access Rules from the RA

Role management is available in the RA Web as of EJBCA 6.8.0, allowing RA administrators to manage their users and roles without access to the CA. The Role Management tab is visible among the menu items in the RA Web if the logged in administrator has sufficient access rights to manage roles.

RA role management consists of functionality similar to Administrator Roles in the Administrator Web, including:

  • Viewing existing roles and role members
  • Creating new roles and namespaces
  • Adding members to roles
  • Editing end entity permissions

Edit / Create Role

From the RA Web menu, roles can be added or edited through Role Management > Roles. In the edit page, CAs and End Entity Profile, authorized by the logged in administrator are displayed in the Available box. Moving items to the Allowed box will grant corresponding access to the members of the role. Access may also be granted to other RA related operations using thEnd Entity permissions options.

Role Members

Members can be added to an existing role or edited through Role Management > Role Members. Similar to the administrator web, options are available to select role, match with attribute and select CA to associate the member with.

Namespaces

Namespace to be associated with a role may be selected from the list menu at the top of the page when creating or editing a role. A new namespace can also be created by selecting Create new namespace from the list menu (if the logged in administrator is authorized to do so). For more information on namespaces, see Roles and Access Rules.