beautypg.com

Group permissions, Viewing the group permissions section, Group permissions section components – HP Secure Key Manager User Manual

Page 125

background image

The state, combined with the key type and group permissions determine how the key version can be
used. Ultimately, a key version can only be used when: the key’s group permissions permit the
operation, the key version’s state permits the operation, and the request comes from a member of the
permitted group. A key can have a maximum of 4000 versions.

Group Permissions

Use the Group Permissions section to modify the permissions for a key. Key permissions are granted
at the group level. To assign permissions to a specific user, you must include that user in a group and
then assign permissions to the group. To assign an authorization policy to a key, you must first define
the policy. The owner of a key implicitly has permissions to perform all applicable operations using
the key, even if that user belongs to a group for which permissions are restricted.

NOTE:

You cannot set group permissions for global keys; all users can access global keys for any applicable
operation.

Figure 49 Viewing the Group Permissions section

The following table describes the components of the Group Permissions section.

Table 30 Group Permissions section components

Description

Component

Displays the groups that have permission to use the key. These groups are defined on
either the Local Users & Groups page (when using a local user directory) or on the
LDAP server (when using an LDAP user directory). If you are assigning an authorization
policy to this key, you must first define the policy.

Group

The operation available to the user group for this key. You can assign this operation
using the following options:

always: members of the group can always perform the operation with the key.

authorization policy: members of the group can always perform the operation with
the key according to the terms of the authorization policy.

NOTE:

Export permission is only applicable if the key is exportable.

Export

Click Edit to modify existing permissions for a group.

Edit

Click Add to give permissions to a group that uses the key.

NOTE:

You cannot add group permissions to global keys or certificates.

Add

Secure Key Manager

125

See also other documents in the category HP Storage: