Your suggested change has been received. Thank you.

close
Thales Logo

All

  • All
  • CipherTrust Manager
  • CipherTrust Application Data Protection (CADP)
  • CipherTrust Application Key Management (CAKM)
  • CipherTrust Batch Data Transformation (BDT)
  • CipherTrust Cloud Key Management (CCKM)
  • CipherTrust Data Discovery and Classification (DDC)
  • CipherTrust Data Protection Gateway (DPG)
  • CipherTrust Database Protection (CDP)
  • CipherTrust Intelligent Protection (CIP)
  • CipherTrust Integrations
  • CipherTrust Migrations
  • CipherTrust RESTful Data Protection (CRDP)
  • CipherTrust Transparent Encryption (CTE)
  • CipherTrust Transparent Encryption Userspace (CTE-U)
  • CipherTrust Secrets Management (CSM)
  • CipherTrust Vaulted Tokenization (CT-V)
  • CipherTrust Vaultless Tokenization (CT-VL)
  • CTE-Linux
  • CTE-Windows
  • CTE-AIX
  • CTE-K8s
  • CTE-U
  • Crypto Command Center
  • Data Protection on Demand
  • Luna Cloud HSM
  • Luna Network HSM
  • Luna PCIe HSM
  • Luna USB HSM
  • OneWelcome Identity Platform
  • ProtectApp LUKS
  • ProtectServer 2 HSM
  • ProtectServer 3 HSM
  • SafeNet Trusted Access (STA)
  • SafeNet MobilePASS+
  • SafeNet MobilePASS+ for Android
  • SafeNet MobilePASS+ for Chrome
  • SafeNet MobilePASS+ for macOS
  • SafeNet MobilePASS+ for iOS
  • SafeNet MobilePASS+ for WatchOS
  • SafeNet MobilePASS+ for Windows
  • SafeNet Synchronization Agent
  • SafeNet Logging Agent
  • SafeNet Agent for FreeRADIUS
  • SafeNet Agent for NPS
  • SafeNet Agent for Windows Logon
  • SafeNet Authentication Service Private Cloud Edition (SAS PCE)
  • SafeNet Remote Logging Agent
  • SafeNet Keycloak Agent
  • SafeNet IDPrime Virtual (IDPV)
  • SafeNet FIDO Key Manager
  • SafeNet FIDO Key Manager for Android
  • SafeNet FIDO Key Manager for iOS
  • SafeNet FIDO Key Manager for Windows
back

Account management

Account Manager roles

search

Please Note:

printsuggest an editpdf paneldownload

Account Manager roles

A role is a combination of tabs, modules, and tasks that are available to an Account Manager. While access to tabs and modules is allowed, the tasks within a module can be restricted. For example:

  • Disabling the Create Accounts hyperlink under Shortcuts would remove the ability for an Account Manager to create a new account.
  • Disabling the Add, Edit, and Remove actions in the Auth Nodes module would allow an Account Manager to view the Auth Node list and deny the ability to make any changes.

Administrator Role

This flexibility in role assignments supports a high degree of operational security.

As a Service Provider, it is likely that you will add a number of Account Managers to assist with the tasks of onboarding, managing, and supporting your Subscriber accounts. An Account Manager is any person that can log in to the Management Console with access to any of the following Service Provider tabs - Dashboard, Onboarding, Virtual Server, and Administration. Subscriber accounts in this document refer to organizations that you on-board and manage, including accounts configured as Subscriber or Virtual Service Provider in the Services module.

Operational security gives you the tools to tailor Account Manager “roles” and “scope”. SafeNet Authentication Service (SAS) can also generate service alerts and automatically deliver these alerts to specified Account Managers, making them aware of events that require their attention as they occur in real time.

The steps in establishing operational security include:

copy link to clipboardCreate an Account Manager role

To create an Account Manager role:

  1. On the SAS console, select Administration > Account Manager Roles.

    The list of Account Manager roles is displayed.

    alt_text

  2. Click a role name to display the associated tabs, modules, and actions.
    All roles except the default Account Manager and Audit roles can be edited or removed by clicking Edit and Remove respectively. The Account Manager role cannot be removed or edited. The Audit role cannot be removed but can be edited.

    alt_text

    Default Role: The Default role is a Service Provider role that grants access to all Management Console functionality and all Account Management Groups. This role cannot be modified. Account Managers will be automatically assigned to this role if no other roles are created. In general, only a few and trusted Account Managers should have the Default role.

    Default Management Group: The Default Management Group is an initial group created at the time your Service Provider account was created. Additional groups can be created and accounts can be moved between groups at any time. The Default group cannot be removed or renamed. All other groups can be modified or removed as necessary.

copy link to clipboardAdd or edit an Account Manager Role

To add a role or edit an existing role, click the Add button or Edit hyperlink respectively. After adding, you will be prompted to create a role name and a role description, after which you’ll be presented with the Role configuration page.

The Role configuration page is split into several horizontal sections, each representing a different tab. Within each section is a table listing all modules available on the tab and a corresponding set of actions available for each module.

Clearing a check box removes the tab, module, or action from the role.

alt_text

alt_text

There are seven possible actions:

  • Access — Display the module.
  • Edit — Provide access to all edit functions available in the module.
  • Delete — Provide access to all delete or remove functions available in the module.
  • Add — Provide access to all Add functions available in the module.
  • Import — Provide access to all import functions available in the module.
  • Export — Provide access to all export functions available in the module.
  • View Log — Provide access to the View Log function available in the module.

On this page