|Applies To||Keon Certificate Authority 6.5.1|
Microsoft Windows 2000 Advanced Server SP4
|Issue||How to limit Keon Certificate Authority administrative access via certificates and Web ACLs|
Setting up an Web ACLs
|Cause||A requirement exists where one of more administrators need to be given a very limited access to some Keon Certificate Authority (KCA) functionality|
The documentation (and online help pages) give extensive information about the use of an ACL. The following steps show one simple example of assigning one single function to one specific user.
For example, let's say we want a person to be able to run the report to check on expiring certificates using the URL:
Consider we have an administrator who has been issued a certificate with an MD5 of eb58dfec5304396e3460a5d3303. All other administrative functionality should be excluded. By using the System Configuration workbench we can set up two ACL rules; first a rule to deny access:
Now a second rule to allow the single functionality required:
The combination of the two will limit our administrator to the one single function.
|Legacy Article ID||a24709|