Red Hat Summit Red Hat SummitSupportKonsoleEntwicklerDemo startenKontakt

Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

D.2. Common ACLs

This section covers the default access control configuration that is common for all four subsystem types. These access control rules manage access to basic and common configuration settings, such as logging and adding users and groups.

Important

These ACLs are common in that the same ACLs occur in each subsystem instance's acl.ldif file. These are not shared ACLs in the sense that the configuration files or settings are held in common by all subsystem instances. As with all other instance configuration, these ACLs are maintained independently of other subsystem instances, in the instance-specific acl.ldif file.

D.2.1. certServer.acl.configuration
Link kopieren

Controls operations to the ACL configuration. The default configuration is: 
allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Key Recovery Authority Agents" || group="Online Certificate Status Manager Agents" || group="Auditors";allow (modify) group="Administrators"
Copy to Clipboard Toggle word wrap
Expand
Table D.2. certServer.acl.configuration ACL Summary
Operations Description Allow/Deny Access Targeted Users/Groups
read View ACL resources and list ACL resources, ACL listing evaluators, and ACL evaluator types. Allow
Administrators
Agents
Auditors
modify Add, delete, and update ACL evaluators. Allow Administrators

D.2.2. certServer.admin.certificate
Link kopieren

Controls which users can import a certificate through a Certificate Manager. By default, this operation is allowed to everyone. The default configuration is: 
allow (import) user="anybody"
Copy to Clipboard Toggle word wrap

Note

This entry is associated with the CA administration web interface which is used to configure the instance. This ACL is only available during instance configuration and is unavailable after the CA is running.
Expand
Table D.3. certServer.admin.certificate ACL Summary
Operations Description Allow/Deny Access Targeted Users/Groups
import Import a CA administrator certificate, and retrieve certificates by serial number. Allow Anyone

D.2.3. certServer.auth.configuration
Link kopieren

Controls operations on the authentication configuration. 
allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Key Recovery Authority Agents" || group="Online Certificate Status Manager Agents" || group="Auditors";allow (modify) group="Administrators
Copy to Clipboard Toggle word wrap
Expand
Table D.4. certServer.auth.configuration ACL Summary
Operations Description Allow/Deny Access Targeted Users/Groups
read View authentication plug-ins, authentication type, configured authentication manager plug-ins, and authentication instances. List authentication manager plug-ins and authentication manager instances. Allow
Administrators
Agents
Auditors
modify Add or delete authentication plug-ins and authentication instances. Modify authentication instances. Allow Administrators

D.2.4. certServer.clone.configuration
Link kopieren

Controls who can read and modify the configuration information used in cloning. The default setting is: 
allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators"
Copy to Clipboard Toggle word wrap
Expand
Table D.5. certServer.clone.configuration ACL Summary
Operations Description Allow/Deny Access Targeted Users/Groups
read View original instance configuration. Allow Enterprise Administrators
modify Modify original instance configuration. Allow Enterprise Administrators

D.2.5. certServer.general.configuration
Link kopieren

Controls access to the general configuration of the subsystem instance, including who can view and edit the CA's settings. 
allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Key Recovery Authority Agents" || group="Online Certificate Status Manager Agents";allow (modify) group="Administrators"
Copy to Clipboard Toggle word wrap
Expand
Table D.6. certServer.general.configuration ACL Summary
Operations Description Allow/Deny Access Targeted Users/Groups
read View the operating environment, LDAP configuration, SMTP configuration, server statistics, encryption, token names, subject name of certificates, certificate nicknames, all subsystems loaded by the server, CA certificates, and all certificates for management. Allow
Administrators
Agents
Auditors
modify Modify the settings for the LDAP database, SMTP, and encryption. Issue import certificates, install certificates, trust and untrust CA certificates, import cross-pair certificates, and delete certificates. Perform server restart and stop operations. Log in all tokens and check token status. Run self-tests on demand. Get certificate information. Process the certificate subject name. Validate the certificate subject name, certificate key length, and certificate extension. Allow Administrators

D.2.6. certServer.log.configuration
Link kopieren

Controls access to the log configuration for the Certificate Manager, including changing the log settings. 
allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Key Recovery Authority Agents" || group="Online Certificate Status Manager Agents";allow (modify) group="Administrators"
Copy to Clipboard Toggle word wrap
Expand
Table D.7. certServer.log.configuration ACL Summary
Operations Description Allow/Deny Access Targeted Users/Groups
read View log plug-in information, log plug-in configuration, and log instance configuration. List log plug-ins and log instances (excluding NTEventLog). Allow
Administrators
Agents
Auditors
modify Add and delete log plug-ins and log instances. Modify log instances, including log rollover parameters and log level. Allow Administrators

D.2.7. certServer.log.configuration.fileName
Link kopieren

Restricts access to change the file name of a log for the instance. 
allow (read) group="Administrators" || group="Auditors" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Key Recovery Authority Agents" || group="Online Certificate Status Manager Agents";deny (modify) user=anybody
Copy to Clipboard Toggle word wrap
Expand
Table D.8. certServer.log.configuration.fileName ACL Summary
Operations Description Allow/Deny Access Targeted Users/Groups
read View the value of the fileName parameter for a log instance. Allow
Administrators
Agents
Auditors
modify Change the value of the fileName parameter for a log instance. Deny Anyone

D.2.8. certServer.log.content.system
Link kopieren

Controls who can view the instance's logs. 
allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Key Recovery Authority Agents" || group="Online Certificate Status Manager Agents" || group="Auditors"
Copy to Clipboard Toggle word wrap
Expand
Table D.9. certServer.log.content.system ACL Summary
Operations Description Allow/Deny Access Targeted Users/Groups
read View log content. List all logs. Allow
Administrators
Agents
Auditors

D.2.9. certServer.log.content.transactions
Link kopieren

Controls who can view the instance's transactions logs. 
allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Key Recovery Authority Agents" || group="Online Certificate Status Manager Agents" || group="Auditors"
Copy to Clipboard Toggle word wrap
Expand
Table D.10. certServer.log.content.transactions ACL Summary
Operations Description Allow/Deny Access Targeted Users/Groups
read View log content. List all logs. Allow
Administrators
Agents
Auditors

D.2.10. certServer.log.content.signedAudit
Link kopieren

Controls who has access to the signed audit logs. The default setting is: 
allow (read) group="Auditors"
Copy to Clipboard Toggle word wrap
Expand
Table D.11. certServer.log.content.signedAudit ACL Summary
Operations Description Allow/Deny Access Targeted Users/Groups
read View log content. List logs. Allow
Auditors

D.2.11. certServer.registry.configuration
Link kopieren

Controls access to the administration registry, the file that is used to register plug-in modules. Currently, this is only used to register certificate profile plug-ins. 
allow (read) group="Administrators" || group="Certificate Manager Agents" || group="Registration Manager Agents" || group="Key Recovery Authority Agents" || group="Online Certificate Status Manager Agents" || group="Auditors";allow (modify) group="Administrators"
Copy to Clipboard Toggle word wrap
Expand
Table D.12. certServer.registry.configuration ACL Summary
Operations Description Allow/Deny Access Targeted Users/Groups
read View the administration registry, supported policy constraints, profile plug-in configuration, and the list of profile plug-ins. Allow
Administrators
Agents
Auditors
modify Register individual profile implementation plug-ins. Allow Administrators
Nach oben
Red Hat logoGithubredditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Wir helfen Red Hat Benutzern, mit unseren Produkten und Diensten innovativ zu sein und ihre Ziele zu erreichen – mit Inhalten, denen sie vertrauen können. Entdecken Sie unsere neuesten Updates.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

Theme

© 2025 Red Hat