|Applies To||Keon Certificate Authority 6.0|
|Issue||How to forbid administrators from deleting certificates|
How to control which administrators can delete a certificate
Forbidding administrators from executing certain operations
|Resolution||One or more ACLs can be created in order to limit the operations an administrator can execute. The following procedure is for advanced users and demonstrates how to forbid an administrator from deleting certificates:|
1. In the KCA Administration Console, click on "System Configuration"
2. In the left pane, click on "Create ACL"
3. In the "Description" field, enter the name of the page you want to protect. In our example, this is /ca/cert-ops/cert-delete.xuda.
4. Select a "Virtual Host" (for example, <hostname>:444 would be the KCA Administration server) or ANY "Virtual Host"
5. Click the "Save ACL" button
6. For our example, create the following rule:
a) In the rules pane (bottom part of the window), select "None" for "Access Granted by this Rule"
b) "Source" must be "Client"
c) Select an appropriate "Attribute", for example, "Common Name"
d) For "Comparison" select "is"
e) In the "Value" field, enter the name of the administrator that should not be allowed to access the page (i.e. the delete certificate page)
7. Click "Commit Rule Changes" to save the rule
When the administrator listed in the rule tries to delete a certificate, they will receive the following error message:
"You don't have permission to access /ca/cert-ops/cert-delete.xuda on this server."
|Legacy Article ID||a11703|