User Roles

As part of the SafeNet ProtectToolkit-C configuration process, different user roles are assigned to those responsible for application administration and use.

SafeNet ProtectToolkit-C defines four roles:

- Administration Security Officer (ASO)
- Administrator
- Security Officer (SO)
- Token Owner (User)

For public access roles, see Unauthenticated Users.

Standard PKCS #11 defines the Security Officer (SO) and the Token Owner (User) roles. Each slot and its associated token has an SO and a User, each with their own PIN. A Security Officer grants and revokes access to a token and assists with key backups. A Token Owner uses the token for the application.

Two additional roles, the Administration Security Officer (ASO) and the Administrator, are available only on the Admin token. The holders of these roles handle HSM-level administration and management. These roles effectively mirror their standard PKCS #11 counterparts.

The services available to each role depend heavily on the security policy set for the HSM. The following sections give a complete description of these roles and the services available to each of them.