Required User Permissions
This section provides the complete list of permissions required by a CipherTrust Manager user to perform operations on SAP resources using CCKM.
Create Operations (post)
| Operation | Required Permissions | ACLs |
|---|---|---|
| Get SAP group | GetGroupsCCKM | view |
| Add SAP group | AddGroupsCCKM ReadSapGroup |
view |
| User ACLs | ApplyAclsCCKM | view |
| Create native SAP key | CreatKeyCCKM | view keycreate |
| Delete key from SAP | DeleteKeyCCKM | view keydelete |
| Delete backup of key from CM | DeleteKeyCCKM ReadKeyCCKM |
view deletebackup |
| Create a new job | If operation = DELETEJOB: DeleteKeyCCKM If operation = RESTOREJOB: UpdateRestoreKeyCCKM |
view If operation = DELETEJOB: keydelete If operation = RESTOREJOB: keyrestore |
| Add key version | Upload a key: AddKeyVersionCCKM RotateKeyCCKM If source = local: ddKeyVersionCCKM RotateKeyCCKM ReadKeyCCKM If source = dsm: AddKeyVersionCCKM RotateKeyCCKM ReadKeyCCKM If source = luna: AddKeyVersionCCKM RotateKeyCCKM ReadKeyCCKM |
Upload a key: keyrotatetobyok keyrotatetonative |
| Upload SAP key | If source = local: AddKeyVersionCCKM ReadKeyCCKM CreateKey If source = dsm: AddKeyVersionCCKM ReadKeyCCKM GetDSMDomainCCKM CreatKeyCCKM If source = luna: AddKeyVersionCCKM CreatKeyCCKM ReadKeyCCKM |
view keyupload |
| Synchronize | ReadSapGroup SyncStatusKeysCCKM |
|
| SyncKeysCCKM | view keysynchronize |
|
| Cancel synchronize job | SyncStatusKeysCCKM | view keysynchronize |
| Enable auto rotation | For native: UpdateKeyCCKM ReadKeyCCKM ReadJob For luna: GetLunaPartitionCCKM For dsm: GetDSMDomainCCKM |
keyupdate view |
| Disable auto rotation | UpdateKeyCCKM ReadKeyCCKM ReadJob |
keyupdate view |
| Create SAP DKR | CreatKeyCCKM | view keycreate |
| Delete a DKR from SAP | DeleteKeyCCKM | view delete |
| Generate a report | CreateReportCCKM ReportStatusCCKM ReadSapGroup |
view reportcreate reportview |
Read Operations (get)
| Operation | Required Permissions | ACLs |
|---|---|---|
| List groups | ReadSapGroup | view |
| Get SAP group | view | |
| List SAP applications | ReadSapApplication | view |
| List SAP keys | ReadKeyCCKM | view |
| Get SAP key | ReadKeyCCKM | view |
| Retrieves job status | ||
| List key versions | ReadVersionsCCKM ReadKeyCCKM |
view |
| Get key version details | ReadVersionsCCKM ReadKeyCCKM |
view |
| Synchronized status | SyncStatusKeysCCKM | view |
| Get synchrozation job | SyncStatusKeysCCKM | view |
| List SAP DKR | ReadKeyCCKM | view |
| Get SAP DKR | ReadKeyCCKM | view |
| List report | ReportStatusCCKM | view reportview |
| Get report | ReportStatusCCKM | view reportview |
| Get content | ReportStatusCCKM | view reportview |
| Get CSV content | ReportStatusCCKM | view reportdownload |
Update Operations (patch)
| Operation | Required Permissions | ACLs |
|---|---|---|
| Update SAP group | UpdateSapGroup | view |
| Update SAP key | UpdateKeyCCKM | view keyupdate |
| Update Key version | UpdateKeyCCKM | view keyupdate |
| Update SAP DKR | UpdateKeyCCKM | view keyupdate |
Delete Operations (delete)
| Operation | Required Permissions | ACLs |
|---|---|---|
| Delete SAP keys | DeleteKeyCCKM | view keyremove |
| Delete SAP DKR | DeleteKeyCCKM | view keyremove |
| Delete SAP group | DeleteGroupCCKM ReadSapGroup ReadSapApplication |
view |
| Delete report | DeleteReportsCCKM | view reportdelete |