Required User Permissions
This section provides the complete list of permissions required by a CipherTrust Manager user to perform operations on Google Cloud Platform (GCP) resources using CCKM.
Create Operations (post)
| Operation | Required Permissions | ACLs |
|---|---|---|
| Create GCP native key | CreatKeyCCKM AddKmsCCKM | keycreate view |
| GCP add versions | AddKeyVersionCCKM | keycreate view |
| GCP refresh key version | ReadKeyCCKM AddKeyVersionCCKM | keyupdate view |
| Get GCP refresh key | ReadKeyCCKM AddKeyVersionCCKM | keyupdate view |
| Update all versions jobs | ReadVersionsCCKM UpdateAllVersionsStatusKeysCCKM ReadKeyCCKM UpdateKeyCCKM UpdateDestroyKeyCCKM | keyupdate keydestroy keycanceldestroy view |
| Enable key version | ReadKeyCCKM UpdateKeyCCKM | keyupdate view |
| Disable key version | ReadKeyCCKM UpdateKeyCCKM | keyupdate view |
| Schedule destruction of key version | ReadKeyCCKM UpdateDestroyKeyCCKM | keydestroy view |
| Cancel scheduled destruction of a key version | ReadKeyCCKM UpdateRestoreKeyCCKM | keycanceldestroy view |
| Enable auto rotation | UpdateKeyCCKM ReadKeyCCKM | keyupdate view |
| Disable the auto rotation | UpdateKeyCCKM | keyupdate view |
| Download public key | GetKeyVersionCCKM | |
| Upload GCP key | For local: CreatKeyCCKM UploadKey ReadKey; For dsm: CreateKeyCCKM UploadKey ReadKey; For hsm: CreateKeyCCKM UploadKey ReadKey | keyupload view |
| Synchronization Jobs | ReadGcpKeyRing SyncStatusKeysCCKM SyncKeysCCKM ReadKeyCCKM | keysynchronize view |
| Cancel synchronization jobs | AddKeyRingsCCKM SyncStatusKeysCCKM | keysynchronize view |
| Generate GCP report | ReadGcpKeyRing CreateReportCCKM ReportStatusCCKM | |
| Get Google Cloud key rings | GetKeyRingsCCKM | view |
| Add Google Cloud key rings | AddKeyRingsCCKM ReadGcpKeyRing | view |
| Key ring ACLs | ApplyAclsCCKM ReadKeyRingsCCKM | view |
Read Operations (get)
| Operation | Required Permissions | ACLs |
|---|---|---|
| List GCP keys | ReadKeyCCKM | view |
| Get GCP key | ReadKeyCCKM | view |
| List of GCP key versions | AddKeyRingsCCKM ReadVersionsCCKM | view |
| Get GCP key versions details | view | |
| Get GCP update all versions jobs | | |
| Get synchronization jobs | SyncStatusKeysCCKM | view |
| Get synchronization jobs in id | SyncStatusKeysCCKM | view |
| List GCP reports | ReportStatusCCKM PermissionCCKMAddVault | |
| Get GCP reports | ReportStatusCCKM | |
| Get contents | ReportStatusCCKM | |
| Get CSV content | ReportStatusCCKM | |
| Get synchronized status | SyncStatusKeysCCKM | view |
| List key rings | ReadGcpKeyRing AddKeyRingCCKM | view |
| Get key ring by id | ReadKeyRingsCCKM | view |
Update Operations (patch)
| Operation | Required Permissions | ACLs |
|---|---|---|
| Update GCP key | ReadKeyCCKM UpdateKeyCCKM | keyupdate view |
| Update key ring | UpdateCCKMKeyRing ReadKeyRingsCCKM | view |
Delete Operations (delete)
| Operation | Required Permissions | ACLs |
|---|---|---|
| Delete GCP report | ReportStatusCCKM DeleteReportsCCKM | |
| Delete key ring | ReadKeyRingsCCKM DeleteKeyRingCCKM | view |