Questo contenuto non è disponibile nella lingua selezionata.

D.6. Token Key Service-Specific ACLs


This section covers the default access control configuration attributes which are set specifically for the Token Key Service (TKS). The TKS ACL configuration also includes all of the common ACLs listed in Section D.2, “Common ACLs”.
There are access control rules set for the TKS's administrative console and for access by other subsystems to the TKS.

D.6.1. certServer.tks.encrypteddata

Controls who can encrypt data.
allow(execute) group="Token Key Service Manager Agents"
Table D.66. certServer.tks.encrypteddata ACL Summary
Operations Description Allow/Deny Access Targeted Users/Groups
Execute Encrypted data stored in the TKS. Allow TKS Agents

D.6.2. certServer.tks.group

Controls access to the internal database for adding users and groups for the TKS instance.
allow (modify,read) group="Administrators"
Table D.67. certServer.tks.group ACL Summary
Operations Description Allow/Deny Access Targeted Users/Groups
modify Create, edit, or delete user and group entries for the instance. Allow Administrators
read View user and group entries for the instance. Allow Administrators

D.6.3. certServer.tks.importTransportCert

Controls who can import the transport certificate used by the TKS to deliver keys.
allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"
Table D.68. certServer.tks.importTransportCert ACL Summary
Operations Description Allow/Deny Access Targeted Users/Groups
modify Update the transport certificate. Allow Enterprise Administrators
read Import the transport certificate. Allow Enterprise Administrators

D.6.4. certServer.tks.keysetdata

Controls who can view information about key sets derived and stored by the TKS.
allow (execute) group="Token Key Service Manager Agents"
Table D.69. certServer.tks.keysetdata ACL Summary
Operations Description Allow/Deny Access Targeted Users/Groups
Execute Create diversified key set data. Allow TKS Agents

D.6.5. certServer.tks.registerUser

Defines which group or user can create an agent user for the instance. The default configuration is:
allow (modify,read) group="Enterprise CA Administrators" || group="Enterprise KRA Administrators" || group="Enterprise OCSP Administrators" || group="Enterprise TKS Administrators" || group="Enterprise TPS Administrators"
Table D.70. certServer.tks.registerUser ACL Summary
Operations Description Allow/Deny Access Targeted Users/Groups
modify Register a new agent. Allow Enterprise Administrators
read Read existing agent information. Allow Enterprise Administrators

D.6.6. certServer.tks.sessionkey

Controls who can create the session keys used by the TKS instance to connections to the TPS.
allow (execute) group="Token Key Service Manager Agents"
Table D.71. certServer.tks.sessionkey ACL Summary
Operations Description Allow/Deny Access Targeted Users/Groups
Execute Create session keys generated by the TKS. Allow TKS Agents

D.6.7. certServer.tks.randomdata

Controls who can create random data.
allow (execute) group="Token Key Service Manager Agents"
Table D.72. certServer.tks.randomdata ACL Summary
Operations Description Allow/Deny Access Targeted Users/Groups
Execute Generate random data. Allow TKS Agents
Red Hat logoGithubRedditYoutubeTwitter

Formazione

Prova, acquista e vendi

Community

Informazioni sulla documentazione di Red Hat

Aiutiamo gli utenti Red Hat a innovarsi e raggiungere i propri obiettivi con i nostri prodotti e servizi grazie a contenuti di cui possono fidarsi.

Rendiamo l’open source più inclusivo

Red Hat si impegna a sostituire il linguaggio problematico nel codice, nella documentazione e nelle proprietà web. Per maggiori dettagli, visita ilBlog di Red Hat.

Informazioni su Red Hat

Forniamo soluzioni consolidate che rendono più semplice per le aziende lavorare su piattaforme e ambienti diversi, dal datacenter centrale all'edge della rete.

© 2024 Red Hat, Inc.