I want to configure roles (least privilege) on my CA instance (EJBCA) and I'm trying to find out what the best practices are for doing this.
I've tried to read the ETSI EN 319 401 - V2.3.1 standard and to implement it on EJBCA, but it is not that obvious.
I'm thinking of implementing the following:
- SECURITY OFFICER ROLE
  - This role does not have a lot of things to do on the administration interface.
  - He can configure the process for approving certificate generation and revocation and CA activation.
- AUDITOR
  - Read-only access
- CA ADMINISTRATOR
  - As the name indicates, CA administration
  - PKCS11 session
  - CRL generation & publication
  - Certificate profiles configuration & maintenance
  - etc ...
- RA ADMINISTRATOR
  - Manages End Entities
  - Approves/rejects End Entities' certification requests (revocation requests)
  - Manages End Entity Profiles (DN, notifications to end users and other administrators, EE accounts)
  - This role can be further divided into (registration officer & revocation officer)
- API
  - Authorize applications to use the API to generate certificates
- Automatic Enrollment Protocols
  - For SCEP, CMP ... etc
- SYSTEM ADMINISTRATOR
  - SSH access to the CA server
  - Technical configuration & maintenance of the CA server
  - Can use `ejbca-cli.sh`, so basically he/she can be a super administrator, which defeats the whole purpose of these roles.
Is this correct? Any improvements or recommendations?
Thank you
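One way to sanity-check a role design like the one above before committing it to EJBCA is to model each role as the set of access rules it would hold and run a separation-of-duties check over it. The script below is an added example, not part of the question and not EJBCA's own code; the rule names follow EJBCA's `/ca_functionality/...` and `/ra_functionality/...` naming but are an assumed subset (check them against the rules your EJBCA version lists), and the `ejbca.sh roles addrole` / `roles changerule` command shape it prints is likewise an assumption to be verified with `ejbca.sh roles`. It flags the three problems the question circles around: a role that is a superuser in practice because it has a shell on the CA host, an "auditor" that holds write rules, and a role that can both perform an action and approve it.

```python
"""Separation-of-duties check for a proposed EJBCA role design (added example)."""
from dataclasses import dataclass

# Assumed subset of EJBCA access rules; verify against your installation.
CA_FUNCTIONS = {"/ca_functionality/activate_ca",
                "/ca_functionality/create_crl",
                "/ca_functionality/edit_certificate_profiles"}
RA_FUNCTIONS = {"/ra_functionality/create_end_entity",
                "/ra_functionality/revoke_end_entity",
                "/ra_functionality/edit_end_entity_profiles"}
APPROVAL = {"/ra_functionality/approve_end_entity",
            "/ca_functionality/approve_caaction"}
AUDIT_READ = {"/secureaudit/auditor/select"}
SUPERUSER = {"/super_administrator"}


@dataclass
class Role:
    name: str
    rules: set
    host_shell: bool = False  # OS-level access to the CA host (ejbca-cli.sh reachable)


def find_conflicts(roles):
    """Return (role name, reason) pairs for every role that breaks least privilege."""
    findings = []
    for r in roles:
        # 1. A shell on the CA host or /super_administrator bypasses the web roles entirely.
        if r.host_shell or r.rules & SUPERUSER:
            findings.append((r.name, "effective superuser: host shell or /super_administrator"))
        # 2. A read-only role must hold nothing outside the audit-read rule.
        if r.name.lower().startswith("auditor") and r.rules - AUDIT_READ:
            findings.append((r.name, "auditor holds write rules"))
        # 3. The person who performs an action must not be the one who approves it.
        if r.rules & APPROVAL and r.rules & (RA_FUNCTIONS | CA_FUNCTIONS):
            findings.append((r.name, "can both perform and approve"))
    return findings


def render_cli(role):
    """Render the role as CLI commands; command syntax is assumed, check `ejbca.sh roles`."""
    cmds = [f'ejbca.sh roles addrole "{role.name}"']
    for rule in sorted(role.rules):
        cmds.append(f'ejbca.sh roles changerule "{role.name}" "{rule}" ACCEPT')
    return cmds


# Constructed sample modelled on the role list in the question.
PROPOSED_ROLES = [
    Role("Security Officer", set(APPROVAL)),
    Role("Auditor", set(AUDIT_READ)),
    Role("CA Administrator", set(CA_FUNCTIONS)),
    # RA admin both manages end entities and approves their requests: a conflict.
    Role("RA Administrator", RA_FUNCTIONS | {"/ra_functionality/approve_end_entity"}),
    # Sysadmin has no web rules at all but can run ejbca-cli.sh on the host.
    Role("System Administrator", set(), host_shell=True),
]


def example_findings():
    return find_conflicts(PROPOSED_ROLES)


if __name__ == "__main__":
    for name, reason in example_findings():
        print(f"{name}: {reason}")
    print("\n".join(render_cli(PROPOSED_ROLES[0])))
```

The fix the check points at is the one the question already suspects: split approval out of the RA Administrator role (registration officer vs. revocation/approval officer), and treat host shell access as a role in its own right that is logged and reviewed rather than as just another entry in the web-admin role list.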