beautypg.com

Group permissions, 49 viewing the group permissions section, 29 group permissions section components – HP Secure Key Manager User Manual

Page 113

background image

key version’s state permits the operation, and the request comes from a member of the permitted group.

A key can have a maximum of 4000 versions.

Group Permissions

Use the Group Permissions section to modify the permissions for a key. Key permissions are granted at

the group level. To assign permissions to a specific user, you must include that user in a group and then

assign permissions to the group. To assign an authorization policy to a key, you must first define the

policy. The owner of a key implicitly has permissions to perform all applicable operations using the key,

even if that user belongs to a group for which permissions are restricted.

NOTE:

You cannot set group permissions for global keys; all users can access global keys for any applicable

operation.

Figure 49 Viewing the Group Permissions section

The following table describes the components of the Group Permissions section.

Table 29 Group Permissions section components

Component

Description

Group

Displays the groups that have permission to use the key. These groups are defined

on either the Local Users & Groups page (when using a local user directory) or

on the LDAP server (when using an LDAP user directory). If you are assigning an

authorization policy to this key, you must first define the policy.

Export

The operation available to the user group for this key. You can assign this operation

using the following options:

always: members of the group can always perform the operation with the key.

authorization policy: members of the group can always perform the operation

with the key according to the terms of the authorization policy.

NOTE:

Export permission is only applicable if the key is exportable.

Edit

Click Edit to modify existing permissions for a group.

Add

Click Add to give permissions to a group that uses the key.

NOTE:

You cannot add group permissions to global keys or certificates.

Delete

Click Delete to remove the permissions for a group.

For example, in

Figure 49

, members of group1 have permission to export key1. Members of group2 can

export according to policy1.
When a user is a member of multiple groups, the user inherits the union of the group permissions. In the

example above, if a user is a member of group1 and group2, that user always has permission to export.

Secure Key Manager

113

See also other documents in the category HP Storage: