role init

Initializes (creates) the named role on the current partition / slot, if applicable.

Use the command role list to see which roles are possible on the current partition/slot.

Syntax

role init -name <string> [-password <string>]

Parameter    Shortcut    Description
-name        -n          name of role to be initialized
-password    -p          password for role

Example 1

lunacm:> role init -name Crypto Officer

        Please attend to the PED.

Command Result : No Error

lunacm:>

Example 2

lunacm:> role init -name Auditor

        Please attend to the PED.

Command Result : No Error

lunacm:>

Note:  The Auditor role can exist only on the HSM's administrative partition, and shares that partition with the HSM Security Officer or SO (firmware 6.22.0 and newer). The Auditor role cannot be initialized by another role. Therefore, if the HSM SO is currently logged in, the SO must log out before you run role init to create the Auditor.

Note:  When the Auditor role is created, it has no domain set. To allow the Auditor to clone, you must log in as Auditor and run the command role setDomain. See role setdomain.

Note:  This command is used for HSMs with firmware version 6.22.0 or newer. Expect an entry like 'LUNA_INIT_PIN returned RC_OK(0x00000000) roleID=8 container=3' in the audit log when the Auditor role is initialized. To initialize audit logging for HSMs with older firmware, use audit init.
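
The audit-log entry quoted in the note above can be checked for when reviewing exported audit logs. The following is an added example, not part of the LunaCM documentation or tooling: it scans text lines for LUNA_INIT_PIN records and reports Auditor initializations beyond the number expected. The function names, the sample line prefixes and the non-OK return code are assumptions made for illustration; only the LUNA_INIT_PIN fragment layout and roleID=8 for Auditor come from the note.

```python
import re

# Matches the audit-log fragment quoted in the note, wherever it sits in a line.
INIT_PIN = re.compile(
    r"LUNA_INIT_PIN returned (?P<rc>\w+)\((?P<code>0x[0-9A-Fa-f]{8})\)\s+"
    r"roleID=(?P<role>\d+)\s+container=(?P<container>\d+)"
)

# Only the pairing the note documents; other IDs are reported by number.
ROLE_NAMES = {8: "Auditor"}

def find_role_inits(lines):
    """Return one dict per LUNA_INIT_PIN record found in the given log lines."""
    events = []
    for lineno, line in enumerate(lines, start=1):
        m = INIT_PIN.search(line)
        if not m:
            continue
        role = int(m["role"])
        events.append({
            "line": lineno,
            "role_id": role,
            "role": ROLE_NAMES.get(role, f"roleID {role}"),
            "container": int(m["container"]),
            "rc": m["rc"],
            "ok": m["rc"] == "RC_OK" and int(m["code"], 16) == 0,
        })
    return events

def unexpected_auditor_inits(events, expected=1):
    """Successful Auditor initializations beyond the number the operator expects."""
    hits = [e for e in events if e["role_id"] == 8 and e["ok"]]
    return hits[expected:]

# Constructed sample: the line prefixes, the LUNA_LOGIN line and the non-OK code
# are placeholders; only the LUNA_INIT_PIN fragment layout comes from the note.
SAMPLE = """\
<prefix> LUNA_LOGIN returned RC_OK(0x00000000) container=3
<prefix> LUNA_INIT_PIN returned RC_PLACEHOLDER_ERROR(0x0000FFFF) roleID=8 container=3
<prefix> LUNA_INIT_PIN returned RC_OK(0x00000000) roleID=8 container=3
<prefix> LUNA_INIT_PIN returned RC_OK(0x00000000) roleID=8 container=3
""".splitlines()

if __name__ == "__main__":
    events = find_role_inits(SAMPLE)
    for e in events:
        print(e)
    print("unexpected:", unexpected_auditor_inits(events))
```

Failed attempts are kept in the result with ok set to False, so repeated unsuccessful initializations can be reviewed alongside successful ones.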