Required User Permissions
This section provides the complete list of permissions required by a CipherTrust Manager user to perform operations on Salesforce resources using CCKM.
Create Operations (post)
| Operation | Required Permissions | ACLs |
|---|---|---|
| Get SFDC organizations | GetOrganizationsCCKM | view |
| Add SFDC organizations | AddOrganizationCCKM | view |
| User ACLs | ApplyAclsCCKM ReadOrganizationsCCKM |
view |
| Generate a report | CreateReportCCKM ReportStatusCCKM |
view reportcreate reportview |
| Create endpoint | AddSFDCEndpoint | view endpointcreate |
| List cloud name credentials | view | |
| Create SFDC certificate | CreateSFDCCertificate | view certificatecreate |
| Synchronize SFDC certificate | StartSFDCCertificateSynchronizationJob GetSFDCCertificateSynchronizationJob UpdateSFDCCertificateSynchronizationJob ReadOrganizationsCCKM |
view certificatesync |
| Cancel synchronized certificate | GetSFDCCertificateSynchronizationJob UpdateSFDCCertificateSynchronizationJob |
view |
| Create SFDC key | CreatKeyCCKM | view keycreate |
| Upload SFDC cache-only key | For local: UploadSFDCCacheOnlyKey GetSFDCEndpoint GetSFDCCertificate For DSM: GetDSMDomainCCKM ReadKeyCCKM For Luna: ReadKeyCCKM |
view cacheonlykeyupload |
| Destroy SFDC key | UpdateDestroyKeyCCKM | view cacheonlykeydestroy |
| Import SFDC key | UpdateRestoreKeyCCKM | view keyimport |
| Activate cache-only key | ActivateSFDCCacheOnlyKey | view cacheonlykeyactivate |
| Synchronization SFDC key | ReadOrganizationsCCKM SyncKeysCCKM |
view keysynchronize |
| Cancel synchronized job | SyncStatusKeysCCKM | view keysynchronize |
| Upload SFDC key | For local: UploadKeyCCKM GetSFDCCertificate ReadKey For DSM: ReadKeyCCKM ReadOrganizationsCCKM GetDSMDomainCCKM For luna: ReadOrganizationsCCKM ReadKeyCCKM |
view keyrotatetobyok keyupload |
| Delete backup key | DeleteKeyCCKM ReadKeyCCKM |
view deletebackupbyok deletebackup deletebackupnative |
Read Operations (get)
| Operation | Required Permissions | ACLs |
|---|---|---|
| List organizations | ReadOrganizationsCCKM | view |
| Get SFDC organizations | ReadOrganizationsCCKM | view |
| List report | ReportStatusCCKM | view reportview |
| Get report | ReportStatusCCKM | view reportview |
| Get content | ReportStatusCCKM | view reportview |
| Get CSV content | ReportStatusCCKM | view reportdownload |
| List endpoints | GetSFDCEndpoint | view |
| Get endpoints | GetSFDCEndpoint | view |
| List SFDC certificates | GetSFDCCertificate | view |
| Get SFDC certificates | GetSFDCCertificate | view |
| Status of certificates | ListSFDCCertificateSynchronizationJobs | view |
| Get certificate by id | GetSFDCCertificateSynchronizationJob | view |
| List SFDC keys | ReadKeyCCKM | view |
| Get SFDC key by id | ReadKeyCCKM | view |
| Synchronization status of key | SyncStatusKeysCCKM | view |
| Get synchronization job by id | SyncStatusKeysCCKM | view |
| Get enpoint key | ReadKeyCCKM | view |
Update Operations (patch)
| Operation | Required Permissions | ACLs |
|---|---|---|
| Update | UpdateCCKMOrganization ReadOrganizationsCCKM |
view |
| Update endpoint | GetSFDCEndpoint UpdateSFDCEndpoint |
view endpointupdate |
| Update cache-only key | GetSFDCCacheOnlyKey UpdateSFDCCacheOnlyKey GetSFDCEndpoint |
view cacheonlykeyupdate |
Delete Operations (delete)
| Operation | Required Permissions | ACLs |
|---|---|---|
| Delete | ReadOrganizationsCCKM DeleteOrganizationCCKM |
view |
| Delete report | DeleteReportsCCKM ReportStatusCCKM |
view reportdelete |
| Delete endpoint | GetSFDCEndpoint DeleteSFDCEndpoint |
view endpointdelete |
| Delete SFDC certificate | GetSFDCCertificate DeleteSFDCCertificate |
view certificatedelete |