System Roles

The System Roles node allows you to view, assign, and delete several pre-defined roles including Master Administrator, Auditor, Access Management Administrator, Recycle Bin Administrator, Schema Administrator, and Code Signing Administrator.

NOTE The Code Signing Administrator option appears only if you have licensed CodeSign Protect.

Viewing current role assignments

Click the System Roles node in Venafi Configuration Console, and the middle panel will display the users who are currently assigned to one (or more) of the system roles. If a user has more than one role, their identity appears once for each assigned role.

Using the Group by drop-down at the top of the list, you can sort the list either alphabetically or by type.

IMPORTANT This list shows roles that have been assigned directly to user identities or group identities. Since users can inherit roles from the groups they belong to, a user may have a role, but not be listed here, if they are a member of a group that is assigned that role.

Assigning new role assignments

In the Actions panel, click the Add action for the role you want to add to a user or group..
Search for the user you want to assign, and click Select.

Removing current role assignments

From the administrators list, select the user whose administrator rights you want to remove.
In the Actions panel, click Delete. You will be prompted to confirm the rights removal.

About the Allow Team Creation role

There is one "role" that you cannot assign in VCC called Allow Team Creation. This is actually a grant and not a system role. You manage this grant in the Policy Tree. Locate the user or group in the Identities tree. For more information, see Managing role and grant assignments in Policy Tree.