Understanding roles in Venafi CodeSign Protect
In Venafi CodeSign Protect, the various tasks associated with signing code are spread across multiple roles. This separation of duties allows you to set up your code signing environment such that no single person can create and manage code signing projects and sign code using the private keys managed by Trust Protection Platform.
By default, both individuals and groups can be assigned to code signing roles. The Code Signing Administrator, however, has the option to disallow individual users from being assigned roles, thereby forcing group role assignment only.
| Role | Responsibility summary |
|---|---|
| | Configures the global code signing defaults for the entire organization. Approves or denies new code signing project requests. |
| | Requests code signing projects using the options created by the Code Signing Administrator. Once the project is approved, this person maintains the project. Anybody in the organization who has access to the CodeSign Protect web interface can request code signing projects. |
| | Currently, can only view project settings and retrieve archive entries using POST Codesign/RetrieveArchiveEntries. |
| | Uses the private keys managed by Trust Protection Platform to sign code. The Code Signing Administrator has the option to disallow project key users from having any other roles in the project. |
| | When configured in Flow, approves or denies use of private code signing keys. |