Role management is available in the RA Web as of EJBCA 6.8.0, allowing RA administrators to manage their users and roles without access to the CA. The Role Management tab is visible among the menu items in the RA Web if the logged in administrator has sufficient access rights to manage roles.
RA role management consists of functionality similar to Administrator Roles in the Administrator Web, including:
Viewing existing roles and role members
Creating new roles and namespaces
Adding members to roles
Editing end entity permissions
Edit / Create Role
From the RA Web menu, roles can be added or edited through Role Management > Roles . In the edit page, CAs and End Entity Profile, authorized by the logged in administrator are displayed in the Available box. Moving items to the Allowed box will grant corresponding access to the members of the role. Access may also be granted to other RA related operations using th e End Entity permissions options.
Members can be added to an existing role or edited through Role Management > Role Members . Similar to the administrator web, options are available to select role, match with attribute and select CA to associate the member with.
Namespace to be associated with a role may be selected from the list menu at the top of the page when creating or editing a role. A new namespace can also be created by selecting Create new namespace from the list menu (if the logged in administrator is authorized to do so). For more information on namespaces, see Roles and Access Rules.