To initially configure privileges, use the account specified during system configuration in the Role Administrator section of the Axidian CertiFlow Configuration Wizard.

The roles can be either global (ones that apply to all smart card usage policies) and local (ones that apply to specified policies only). Local roles can be added to policies in Policy links section. Global Administrator and Operator roles are predefined.

A set of allowed and disallowed actions is created for role members. By default, predefined Administrator role has maximum privileges, and Operators have limited privileges for system configuration. To modify a role, click . Users are included into role either personally or via membership in Active Directory groups.

Global role lineup is formed during creation or editing. Local role lineup is defined upon adding a role to a policy in Policy links section.

To add a user to global role and configure privileges:

  1. Сlick Add.
    • Specify Active Directory User Group.
    • Enter the user's Common name (CN) or Login (sAMAccountName).
  2. Сlick Add:
  3. Set the privileges for role users:
  4. Click Save to confirm the changes.

Role type (global or local) cannot be changed after creation. Role lineup and set of privileges can be modified at anytime during role editing.


  • No labels