Creating a new keyset as an application owner

Some people in your organization may need to request keysets for a device but, because of procedural or protocol restrictions, don't have the access to the device itself that creating those keysets would require. SSH Protect lets these users create their own keysets for the device on the Policy Tree, and the keyset is then moved to the device. This gives application owners a self-service option for creating keysets even if they don't have permissions to the device.

Application owners need the following SSH Protect permissions to create SSH keys:

  • On the device, or on the Policy folder where the device is located:

    • View and Create

  • On the Policy folder where the keyset will be created:

    • View, Read, Write, Create, and Private Key Write

Notice that these are different from the permissions needed by device owners to create SSH keys, which are:

  • On the device, or on the Policy folder where the device is located:

    • View, Write, and Private Key Write

When creating a keyset, the order of the fields changes depending on whether the user is an application owner or a device owner. When the Create New Keyset modal is displayed, SSH Protect checks the permissions of the user. If they are a device administrator (based on the permissions outlined above), the Add Keyset to Folder field is shown first and is not optional.