Group permissions, Viewing the group permissions section, Group permissions section components – HP Secure Key Manager User Manual
Page 125
The state, combined with the key type and group permissions determine how the key version can be
used. Ultimately, a key version can only be used when: the key’s group permissions permit the
operation, the key version’s state permits the operation, and the request comes from a member of the
permitted group. A key can have a maximum of 4000 versions.
Group Permissions
Use the Group Permissions section to modify the permissions for a key. Key permissions are granted
at the group level. To assign permissions to a specific user, you must include that user in a group and
then assign permissions to the group. To assign an authorization policy to a key, you must first define
the policy. The owner of a key implicitly has permissions to perform all applicable operations using
the key, even if that user belongs to a group for which permissions are restricted.
NOTE:
You cannot set group permissions for global keys; all users can access global keys for any applicable
operation.
Figure 49 Viewing the Group Permissions section
The following table describes the components of the Group Permissions section.
Table 30 Group Permissions section components
Description
Component
Displays the groups that have permission to use the key. These groups are defined on
either the Local Users & Groups page (when using a local user directory) or on the
LDAP server (when using an LDAP user directory). If you are assigning an authorization
policy to this key, you must first define the policy.
Group
The operation available to the user group for this key. You can assign this operation
using the following options:
•
always: members of the group can always perform the operation with the key.
•
authorization policy: members of the group can always perform the operation with
the key according to the terms of the authorization policy.
NOTE:
Export permission is only applicable if the key is exportable.
Export
Click Edit to modify existing permissions for a group.
Edit
Click Add to give permissions to a group that uses the key.
NOTE:
You cannot add group permissions to global keys or certificates.
Add
Secure Key Manager
125