User Access Control
Access to your HSM is controlled through implementation of
A user is anyone who has access to the
For detailed instructions on creating and initializing roles and users, see the Administration Guide.
Appliance Level Users and Roles
The standard administrative roles associated with the SafeNet appliance are shown in Appliance Level Roles.
The SafeNet appliance includes one user per role by default. When you connect and log in to the appliance as a user with one of the standard roles, you are able to see and use only those commands that are available to you.
An Admin user can create additional named roles on the SafeNet appliance. They can also create new users and assign any role to those users.
NOTE You must be logged in as the appliance admin before you can access further authentication layers such as HSM Admin, Partition Owner, Crypto Officer.
Custom User Roles
An admin user can create custom named roles that have access to a specific subset of commands, allowing task delegation that suits organizational needs. They can also create new named users and assign any role to those users.
The custom role is defined by a list of the commands that it can run. The role can be applied to and removed from any existing user to give them access to only the commands they require for a particular operation. This ensures that a given user does not obtain access beyond their security clearance.
For example, a custom role containing only commands related to backup can be named and assigned to a user to perform backup operations only.
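The following is an added illustration, not code from the SafeNet appliance or its documentation. It models the two rules stated above: a role is nothing more than its command list and a user may run only the union of their roles' commands (deny by default, revocation takes effect immediately), and, per the NOTE earlier on this page, HSM-level roles such as HSM Admin or Crypto Officer are reachable only from a session that is already logged in as appliance admin. All command names, role names and user names in the block are constructed placeholders, not the appliance's real command set.

```python
"""Command-allowlist RBAC model with a layered HSM login check (illustrative only)."""
from dataclasses import dataclass, field

# Constructed placeholder command set; the real appliance shell differs.
ALL_COMMANDS = frozenset({
    "backup", "restore", "partition-create", "partition-delete",
    "policy-set", "audit-show", "user-create", "role-create",
})


class PolicyError(ValueError):
    """Raised when a role definition or a login would violate the model."""


@dataclass(frozen=True)
class Role:
    name: str
    commands: frozenset  # a role is fully defined by the commands it may run


# The built-in admin role sees every command; custom roles are subsets of it.
ADMIN = Role("admin", ALL_COMMANDS)


def define_custom_role(name: str, commands) -> Role:
    """Create a custom role; it may only list commands that actually exist."""
    unknown = set(commands) - ALL_COMMANDS
    if unknown:
        raise PolicyError(f"unknown commands in role {name!r}: {sorted(unknown)}")
    return Role(name, frozenset(commands))


# Example custom roles (constructed): a backup-only operator and an audit viewer.
BACKUP_OPERATOR = define_custom_role("backup-operator", {"backup", "restore"})
AUDIT_VIEWER = define_custom_role("audit-viewer", {"audit-show"})


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)

    def permitted_commands(self) -> frozenset:
        """The user sees exactly the union of their roles' command lists."""
        allowed = set()
        for role in self.roles:
            allowed |= role.commands
        return frozenset(allowed)


def assign_role(user: User, role: Role) -> None:
    user.roles.add(role)


def revoke_role(user: User, role: Role) -> None:
    # Removing the role removes its commands at the next authorization check.
    user.roles.discard(role)


def authorize(user: User, command: str) -> bool:
    """Deny by default: a command runs only if some assigned role lists it."""
    return command in user.permitted_commands()


@dataclass
class Session:
    """An appliance shell session; hsm_roles are the HSM-level logins it holds."""
    user: User
    hsm_roles: set = field(default_factory=set)


def login_hsm_role(session: Session, hsm_role: str) -> None:
    """HSM-level roles (HSM Admin, Partition Owner, Crypto Officer) sit behind
    the appliance admin layer: any other appliance session is refused."""
    if ADMIN not in session.user.roles:
        raise PolicyError(
            f"{session.user.name!r} must be appliance admin before {hsm_role!r}")
    session.hsm_roles.add(hsm_role)


if __name__ == "__main__":
    alice = User("alice")
    assign_role(alice, BACKUP_OPERATOR)
    print("alice backup:", authorize(alice, "backup"))            # True
    print("alice partition-create:", authorize(alice, "partition-create"))  # False
    try:
        login_hsm_role(Session(alice), "Crypto Officer")
    except PolicyError as err:
        print("refused:", err)
```

The allowlist is evaluated on every call rather than cached on the user, so revoking a role cannot leave a stale grant behind; the same property is what makes the "assign a backup-only role for a backup task, then remove it" workflow safe.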
HSM Level Users and Roles
Roles that access the HSM, the cryptographic engine within or connected to the host, include mandatory roles (see Mandatory Roles) and optional roles (see Optional Roles).
Mandatory Roles
HSM Security Officer (HSM SO) / HSM Administrator (HSM Only)
>Initializes the HSM
>Creates and deletes application partitions
>Sets and changes global HSM Policies
>Manages HSM-level backup and restore operations
Application Partition Security Officer (Partition SO), Blue PED Key
>Creates partition-level roles
>Activates partition
>Sets and changes partition-level Policies
>Manages partition-level backup and restore operations
>Resets passwords
Application Partition Crypto Officer (CO), Black PED Key
Shares the same administrative capabilities as the Partition SO, as well as:
>Creates and modifies cryptographic objects in the partition
>Creates the Crypto User role
NOTE The Partition Security Officer role is responsible for initial setup and maintenance of the partition, while the Crypto Officer is the partition owner who changes and manages its cryptographic objects.
Optional Roles
Application Partition Crypto User (CU), Gray PED Key
Restricted read-only user
>Uses cryptographic objects like encrypt/decrypt and sign/verify
Auditor (AU), White PED Key
>Manages HSM audit logging
In addition to the HSM roles listed above, certain other HSM-wide secrets exist for special purposes. Those include:
>Cloning domain (Red PED Key): determines whether the "cloning" (secure copy of cryptographic objects) operation is permitted between two HSMs (which must share identical domain secrets); cloning is used in some forms of backup, as well as in HA.
>Remote PED vector (Orange PED Key): for PED-authenticated HSMs only, permits establishing a secure path for the HSM to access remotely-located Luna PEDs and PED keys.
Partition Level Users and Roles
Independent application partitions are created by the HSM Administrator, but ownership and management of a partition falls on the separate Partition SO role.
For HSMs that contain multiple partitions, each partition acts as its own virtual HSM and has its own set of mandatory roles (see Mandatory Roles), excluding HSM Administrator (HSM SO), and optional roles (see Optional Roles).
Optional Roles
Application Partition Crypto User (CU), Gray PED Key
Restricted read-only user
>Uses cryptographic objects like encrypt/decrypt and sign/verify
Auditor (AU), White PED Key
>Manages partition audit logging
In addition to the roles listed above, each HSM Partition requires:
>Cloning domain (Red PED Key): allows the secure copy of the partition's cryptographic objects to another partition (which shares an identical domain secret) in backup or HA operations.
>Remote PED vector (Orange PED Key): for PED-authenticated partition only, permits establishing a secure path for the HSM Partition to access remotely-located Luna PEDs and PED keys.