Effective Permissions parameters

Effective permissions grant permission to principal users or groups to perform Trust Protection Platform operations. When any permissions are added or removed from a principal, the corresponding changes also occur in Secret Store without any additional action required by the caller. For example, permission changes automatically update the appropriate Config, UI, and Secret Store permissions.

| Web SDK parameter name | UI permission name | Effective and any implicit permission grants |
|---|---|---|
| IsAssociateAllowed | Associate | Requires: Write permission to the Certificate object and Associate permission plus View permission to the corresponding Application object, -OR- Write permission to the Application object and Associate permission plus View permission to the corresponding Certificate object. The caller can: associate or disassociate an Application and Device object with a certificate; push the certificate and private key to the Application object; retry the certificate installation. |
| IsCreateAllowed | Create | The caller can create subordinate objects, such as Devices and Applications. Create permission grants implicit View permission. |
| IsDeleteAllowed | Delete | The caller can delete objects. |
| IsManagePermissionsAllowed | Master Admin or ManagePermissions | The caller can grant other user or group Identities permission to the current object or subordinate objects. |
| IsPolicyWriteAllowed | Manage Policy | The caller can modify policy values on folders. Also requires View permission. Manage Policy permission grants implicit Read permission and Write permission. |
| IsPrivateKeyReadAllowed | Private Key Read | The caller can download the private key for Policy and Certificate objects. |
| IsPrivateKeyWriteAllowed | Private Key Write | The caller can upload the private key for Policy, Certificate, and Private Key Credential objects to Trust Protection Platform. |
| IsReadAllowed | Read | The caller can view and read object data from the Policy tree. However, to view subordinate objects, View permission or a higher permission is also required. |
| IsRenameAllowed | Rename | The caller can rename and move Policy tree objects. Move capability also requires Rename permission to the object and Create permission to the target folder. |
| IsRevokeAllowed | Revoke | The caller can invalidate a certificate. Also requires Write permission to the certificate. |
| IsViewAllowed | View | The caller can confirm that the object is present in the Policy tree. |
| IsWriteAllowed | Write | The caller can edit object attributes. To move objects in the tree, the caller must have Write permission to the objects and Create permission to the target folder. Write permission grants implicit Read permission. |
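When auditing grants for least privilege, it helps to expand the implicit grants and then test the compound requirements listed above. The following is an added example, not code from the product or its SDK. It assumes each object's grants are available as a dict of the parameter names above mapped to booleans, and it reads the Associate rule as Write on one object plus Associate and View on the other. The sample grants are constructed.

```python
# Implicit grants exactly as stated in the table above.
IMPLIES = {
    "IsCreateAllowed": {"IsViewAllowed"},
    "IsPolicyWriteAllowed": {"IsReadAllowed", "IsWriteAllowed"},
    "IsWriteAllowed": {"IsReadAllowed"},
}

def effective(explicit):
    """Return the set of permissions held after adding implicit grants.

    `explicit` is an assumed shape: {parameter name: bool} for one
    principal on one object.
    """
    granted = {name for name, allowed in explicit.items() if allowed}
    pending = list(granted)
    while pending:
        for implied in IMPLIES.get(pending.pop(), ()):
            if implied not in granted:
                granted.add(implied)
                pending.append(implied)
    return granted

def can_revoke(cert):
    # Revoke also requires Write permission to the certificate.
    return {"IsRevokeAllowed", "IsWriteAllowed"} <= effective(cert)

def can_write_policy(folder):
    # Manage Policy also requires View, which it does not grant implicitly.
    return {"IsPolicyWriteAllowed", "IsViewAllowed"} <= effective(folder)

def can_associate(cert, app):
    # Assumed reading: Write on one object, Associate + View on the other.
    c, a = effective(cert), effective(app)
    need = {"IsAssociateAllowed", "IsViewAllowed"}
    return ("IsWriteAllowed" in c and need <= a) or \
           ("IsWriteAllowed" in a and need <= c)

if __name__ == "__main__":
    # Constructed sample grants for one principal.
    cert = {"IsRevokeAllowed": True, "IsViewAllowed": True}
    folder = {"IsPolicyWriteAllowed": True}
    app = {"IsAssociateAllowed": True, "IsViewAllowed": True}
    print("revoke:", can_revoke(cert))               # Revoke without Write
    print("policy write:", can_write_policy(folder)) # Manage Policy without View
    print("associate:", can_associate({"IsWriteAllowed": True}, app))
```
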