Dieser Inhalt ist in der von Ihnen ausgewählten Sprache nicht verfügbar.

D.6. Token Key Service-Specific ACLs


This section covers the default access control configuration attributes which are set specifically for the Token Key Service (TKS). The TKS ACL configuration also includes all of the common ACLs listed in Section D.2, “Common ACLs”.
There are access control rules set for the TKS's administrative console and for access by other subsystems to the TKS.

D.6.1. certServer.tks.encrypteddata

Controls who can encrypt data.
allow(execute) group="Token Key Service Manager Agents"
Table D.66. certServer.tks.encrypteddata ACL Summary
Operations Description Allow/Deny Access Targeted Users/Groups
Execute Encrypted data stored in the TKS. Allow TKS Agents

D.6.2. certServer.tks.group

Controls access to the internal database for adding users and groups for the TKS instance.
allow (modify,read) group="Administrators"
Table D.67. certServer.tks.group ACL Summary
Operations Description Allow/Deny Access Targeted Users/Groups
modify Create, edit, or delete user and group entries for the instance. Allow Administrators
read View user and group entries for the instance. Allow Administrators

D.6.3. certServer.tks.importTransportCert

Controls who can import the transport certificate used by the TKS to deliver keys.
allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"
Table D.68. certServer.tks.importTransportCert ACL Summary
Operations Description Allow/Deny Access Targeted Users/Groups
modify Update the transport certificate. Allow Enterprise Administrators
read Import the transport certificate. Allow Enterprise Administrators

D.6.4. certServer.tks.keysetdata

Controls who can view information about key sets derived and stored by the TKS.
allow (execute) group="Token Key Service Manager Agents"
Table D.69. certServer.tks.keysetdata ACL Summary
Operations Description Allow/Deny Access Targeted Users/Groups
Execute Create diversified key set data. Allow TKS Agents

D.6.5. certServer.tks.registerUser

Defines which group or user can create an agent user for the instance. The default configuration is:
allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"
Table D.70. certServer.tks.registerUser ACL Summary
Operations Description Allow/Deny Access Targeted Users/Groups
modify Register a new agent. Allow Enterprise Administrators
read Read existing agent information. Allow Enterprise Administrators

D.6.6. certServer.tks.sessionkey

Controls who can create the session keys used by the TKS instance to connections to the TPS.
allow (execute) group="Token Key Service Manager Agents"
Table D.71. certServer.tks.sessionkey ACL Summary
Operations Description Allow/Deny Access Targeted Users/Groups
Execute Create session keys generated by the TKS. Allow TKS Agents

D.6.7. certServer.tks.randomdata

Controls who can create random data.
allow (execute) group="Token Key Service Manager Agents"
Table D.72. certServer.tks.randomdata ACL Summary
Operations Description Allow/Deny Access Targeted Users/Groups
Execute Generate random data. Allow TKS Agents
Red Hat logoGithubRedditYoutubeTwitter

Lernen

Testen, kaufen und verkaufen

Communitys

Über Red Hat Dokumentation

Wir helfen Red Hat Benutzern, mit unseren Produkten und Diensten innovativ zu sein und ihre Ziele zu erreichen – mit Inhalten, denen sie vertrauen können.

Mehr Inklusion in Open Source

Red Hat hat sich verpflichtet, problematische Sprache in unserem Code, unserer Dokumentation und unseren Web-Eigenschaften zu ersetzen. Weitere Einzelheiten finden Sie in Red Hat Blog.

Über Red Hat

Wir liefern gehärtete Lösungen, die es Unternehmen leichter machen, plattform- und umgebungsübergreifend zu arbeiten, vom zentralen Rechenzentrum bis zum Netzwerkrand.

© 2024 Red Hat, Inc.