1.0 Administrators, Auditors, and Members
Fortanix Data Security Manager (DSM) defines four roles that may be assigned to users: administrator, auditor, member, and custom role. These roles may be assigned at either the account or the group level.
When the administrator (or auditor) role is assigned to a user at the account level, that user automatically becomes an administrator (or auditor) of every group in the account, including groups added subsequently.
When the administrator (or auditor) role is assigned to a user at the group level, the user has administrator (or auditor) permissions on that group, but not on any other group unless also assigned the role on the other group.
An auditor of a group can perform the following operations:
View applications in the group
View users in the group
View security objects in the group
View and search logs of Fortanix DSM activity for the group itself, and for users, applications, and security objects assigned to the group.
An administrator of a group can perform all of the auditor operations and the following additional operations:
Create, modify, or delete applications in the group
Retrieve the authentication credential for applications in the group
Change the authentication method (API key or certificate) for applications in the group, regenerate the API key, or configure a new certificate
Create, modify, or delete security objects in the group (but not perform cryptographic operations; only applications may perform cryptographic operations)
Add or remove users from the group
Modify group properties or delete the group
A regular member has no permission to view or modify any object until granted either auditor or administrator permission in some group.
A custom user role can have an arbitrary set of permissions at the account or group level. For more details on how to create and manage custom user roles, refer to User's Guide: Custom Roles.
For more information on authorization, refer to User's Guide: Authorization.
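The scoping rules above (an account-level role applies to every group, including groups created later; a group-level role applies to that group only; auditor is view-only; administrator adds management actions but never cryptographic operations; a custom role is an arbitrary action set) are easy to misread when planning assignments. The following is an added illustration, not Fortanix code and not the DSM API: a small Python model of the resolution logic that lets you check what a given user can do in a given group. The action names, the `Account` class, and the `define_custom_role` helper are assumptions chosen for the model.

```python
from dataclasses import dataclass, field

# Added model of the DSM role-scoping rules described on this page.
# Action names are this model's own; they are not DSM permission identifiers.

# Auditor permissions on a group (view-only).
AUDITOR_ACTIONS = frozenset({"view_apps", "view_users", "view_sobjects", "view_logs"})
# Administrator-only permissions on a group.
ADMIN_ONLY_ACTIONS = frozenset({
    "manage_apps", "get_app_credential", "change_app_auth",
    "manage_sobjects", "manage_users", "manage_group",
})
# Cryptographic operations belong to applications, never to user roles.
CRYPTO_ACTIONS = frozenset({"encrypt", "decrypt", "sign", "verify"})

BUILTIN_ROLES = {
    "member": frozenset(),                              # no permissions
    "auditor": AUDITOR_ACTIONS,
    "administrator": AUDITOR_ACTIONS | ADMIN_ONLY_ACTIONS,
}


@dataclass
class Account:
    groups: set = field(default_factory=set)
    roles: dict = field(default_factory=lambda: dict(BUILTIN_ROLES))
    account_roles: dict = field(default_factory=dict)   # user -> {role name, ...}
    group_roles: dict = field(default_factory=dict)     # (user, group) -> {role name, ...}

    def define_custom_role(self, name, actions):
        """Register a custom role (assumed helper; see User's Guide: Custom Roles)."""
        actions = frozenset(actions)
        if actions & CRYPTO_ACTIONS:
            raise ValueError("cryptographic operations cannot be granted to users")
        if name in self.roles:
            raise ValueError(f"role {name!r} already exists")
        self.roles[name] = actions

    def add_group(self, group):
        self.groups.add(group)

    def assign_account_role(self, user, role):
        self._check_role(role)
        self.account_roles.setdefault(user, set()).add(role)

    def assign_group_role(self, user, group, role):
        self._check_role(role)
        if group not in self.groups:
            raise KeyError(f"unknown group {group!r}")
        self.group_roles.setdefault((user, group), set()).add(role)

    def _check_role(self, role):
        if role not in self.roles:
            raise KeyError(f"unknown role {role!r}")

    def allowed_actions(self, user, group):
        """Union of the user's account-level roles (which cover every group,
        including groups added after the assignment) and the roles granted
        to the user on this specific group."""
        if group not in self.groups:
            raise KeyError(f"unknown group {group!r}")
        names = set(self.account_roles.get(user, ()))
        names |= set(self.group_roles.get((user, group), ()))
        allowed = frozenset()
        for name in names:
            allowed |= self.roles[name]
        return allowed

    def is_allowed(self, user, group, action):
        return action in self.allowed_actions(user, group)


def custom_role_rejected(actions):
    """True if the model refuses to create a custom role with these actions."""
    try:
        Account().define_custom_role("probe", actions)
    except ValueError:
        return True
    return False


def demo():
    """Constructed scenario: one account, two groups, three users."""
    acct = Account()
    acct.add_group("payments")
    acct.assign_account_role("alice", "auditor")                  # account-level auditor
    acct.assign_group_role("bob", "payments", "administrator")    # group-level admin
    acct.add_group("hr")                                          # created after alice's grant
    acct.define_custom_role("key-rotator", {"view_sobjects", "manage_sobjects"})
    acct.assign_group_role("carol", "hr", "key-rotator")
    return {
        "alice_views_hr_logs": acct.is_allowed("alice", "hr", "view_logs"),
        "alice_manages_payments": acct.is_allowed("alice", "payments", "manage_apps"),
        "bob_views_hr": acct.is_allowed("bob", "hr", "view_apps"),
        "bob_gets_cred": acct.is_allowed("bob", "payments", "get_app_credential"),
        "bob_signs": acct.is_allowed("bob", "payments", "sign"),
        "carol_manages_hr_keys": acct.is_allowed("carol", "hr", "manage_sobjects"),
        "carol_views_hr_users": acct.is_allowed("carol", "hr", "view_users"),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The scenario shows the two points most often got wrong: alice's account-level auditor role reaches the `hr` group even though it was created after her assignment, while bob's group-level administrator role on `payments` gives him nothing in `hr`. It also shows that no user role, built in or custom, yields a cryptographic operation; in DSM those are performed only by applications.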
2.0 Account Administration
Administrative operations on the account can only be performed by an account administrator. These operations include:
Changing billing information or subscription level
Inviting new users to the account
Enabling or disabling users
Creating new groups
Deleting the account
For a tabular view of the actions allowed for every role please refer to the User's Guide: Authorization.
An account administrator can also create external roles for the account using LDAP integrations in the account authentication settings. Account administrators can import group objects from an LDAP directory and add them as external roles in Fortanix DSM.
For more details refer to LDAP Authorizations for Users and LDAP Authorization for Applications.