Permissions overview
All users listed in the Identity tree can log in to the Trust Protection Platform management console. However, what they can see and do depends upon their assigned permissions. Trust Protection Platform uses a least privileged model of system administration. So, by default, local users have only the Read permission and external users have no permissions. You must explicitly grant permissions to users before they can manage objects.
In Trust Protection Platform, all administrative permissions are managed at the object level. Every encryption system object—folders, Credentials, Workflows, CAs, Devices, Applications, Certificates, Notifications, Channels, Logging Applications, Discoveries, and Discovery Surveys—has a permissions tab. From the object permissions tab, you select the users or groups you want to have permissions to the current object and its subordinate objects, then you select which permissions you want the user or group to have.