User Access Control

Access to your HSM is controlled through implementation of HSM and partition-level users and roles. Some of these identities are mandatory, some are optional, and the way you use them is up to you and your organization.

A user is anyone who has access to the HSM or partition in question. A user can have one role associated with it, which grants the user certain access privileges. Each role allows the user to perform a different set of commands, depending on the role's function.

For detailed instructions on creating and initializing roles and users, see the Administration Guide.

HSM Level Users and Roles

Roles that access the HSM (the cryptographic engine within, or connected to, the host) include mandatory roles (see Mandatory Roles) and optional roles (see Optional Roles).

Mandatory Roles

HSM Security Officer (HSM SO)

HSM Administrator (HSM Only)

>Initializes the HSM

>Creates and deletes application partitions

>Sets and changes global HSM Policies

>Manages HSM-level backup and restore operations

Application Partition Security Officer (Partition SO)

Blue PED Key

>Creates partition-level roles

>Activates partition

>Sets and changes partition-level Policies

>Manages partition-level backup and restore operations

>Resets passwords

Application Partition Crypto Officer (CO)

Black PED Key

Shares the same administrative capabilities as the Partition SO, and in addition:

>Creates and modifies cryptographic objects in the partition

>Creates Crypto User role

NOTE   The Partition Security Officer role is responsible for initial setup and maintenance of the partition, while the Crypto Officer is the partition owner who changes and manages its cryptographic objects.

Optional Roles

Application Partition Crypto User (CU)

Grey PED Key

Restricted read-only user

>Uses cryptographic objects for operations such as encrypt/decrypt and sign/verify

Auditor

White PED Key

>Manages HSM audit logging

In addition to the HSM roles listed above, certain other HSM-wide secrets exist for special purposes. Those include:

>Cloning domain (Red PED Key): determines whether the "cloning" (secure copy of cryptographic objects) operation is permitted between two HSMs (which must share identical domain secrets); cloning is used in some forms of backup, as well as in HA.

>Remote PED vector (Orange PED Key): for PED-authenticated HSMs only, permits establishing a secure path for the HSM to access remotely-located Luna PEDs and PED keys.

Partition Level Users and Roles

Independent application partitions are created by the HSM Administrator, but ownership and management of a partition fall to the separate Partition SO role.

For HSMs that contain multiple partitions, each partition acts as its own virtual HSM and has its own set of mandatory roles (see Mandatory Roles), excluding the HSM Administrator (HSM SO), and optional roles (see Optional Roles).

Optional Roles

Application Partition Crypto User (CU)

Grey PED Key

Restricted read-only user

>Uses cryptographic objects for operations such as encrypt/decrypt and sign/verify

Auditor

White PED Key

>Manages partition audit logging

In addition to the roles listed above, each HSM Partition requires:

>Cloning domain (Red PED Key): allows the secure copy of the partition's cryptographic objects to another partition (which shares an identical domain secret) in backup or HA operations.

>Remote PED vector (Orange PED Key): for PED-authenticated partitions only, permits establishing a secure path for the HSM Partition to access remotely-located Luna PEDs and PED keys.