User Roles
As part of the SafeNet ProtectToolkit-C configuration process, different user roles are assigned to those responsible for application administration and use.
For SafeNet ProtectToolkit-C, there are four defined roles available. These are:
>Administration Security Officer (ASO)
For public access roles, see Unauthenticated Users.
Standard PKCS #11 defines the Security Officer (SO) and the Token Owner or User roles. Each slot and its associated token will have an SO and a User, each with their own respective PINs. A Security Officer grants and revokes access to a token and assists with key backups. A Token Owner uses the token for the application.
Two additional roles are only available on the Admin token. The holders of these roles handle HSM-level administration and management. These are the Administration Security Officer (ASO) and the Administrator. These roles effectively mirror their standard PKCS #11 counterparts.
It should be noted that the services available to the various roles are highly dependent upon the security policy set for the HSM. The following sections give a complete description of these roles and the services available to each of them.