Using multiple administrator accounts – HP Secure Key Manager User Manual
Page 221
and stored on the SKM appliance. The available access controls are grouped into categories and
described here.
Security Configuration access controls enable the administrator to:
•
create, modify, and delete keys and establish authorization policies (Keys and Authorization
Policies).
•
create and modify users and groups and maintain LDAP server settings (Users and Groups).
•
create and import certificates (Certificates).
•
manage certificate authorities on the SKM appliance (Certificate Authorities).
•
manage advanced security settings, including FIPS (Advanced Security).
•
modify SSL configuration (SSL).
Device Configuration access controls enable the administrator to:
•
create a cluster, join or remove a device from an existing cluster (Cluster).
•
configure network and date/time settings (Network and Date/Time).
•
enable and configure high availability settings (High Availability).
•
manage SNMP community names and management stations (SNMP).
•
modify logging settings (Logging).
Backup & Restore access controls enable the administrator to:
•
create backups excluding backup of keys, certificates and local certificate authorities (Backup
Configuration).
•
create backups of keys and certificates (Backup Keys & Certificates).
•
create backups of local certificate authorities and associated private keys (Backup Local CAs).
•
restore backups excluding backup of keys, certificates, and local certificate authorities (Restore
Configuration).
•
restore backups of keys and certificates (Restore Keys & Certificates).
•
restore backups of local certificate authorities and associated private keys (Restore Local CAs).
Maintenance access controls enable the administrator to
•
modify the startup service setting (Services).
•
upgrade to a new software version and add and remove disks (Software Upgrade and System
Health).
Administrative Access access controls enable the administrator to:
•
access the Management Console (Admin Access via Web)
•
access the Command Line Interface over an SSH connection (Admin Access via SSH).
Regardless of the Administrative Access settings, all administrators can access the SKM appliance
directly using the serial console. Using the serial console connection precludes the administrator from
modifying almost all security configuration settings and some device configuration settings (for example,
Keys, Users & Groups, etc. )
Using multiple administrator accounts
Most likely, you will want to create multiple administrators. When doing so, you should assign access
controls that mirror your organization’s procedures. For example, if you separate the tasks of key
management, system backup, and device configuration, you’ll want to create unique administrators
for each of those roles.
Secure Key Manager
221