4.1
Section Overview
The 'Admin Management' tab allows administrators to create, manage and edit permissions for new and existing administrators. There are 7 types of administrator:
• Master Registration Authority Officer (MRAO) • Registration Authority Officer (RAO) - SSL • Registration Authority Officer (RAO) - SMIME • Registration Authority Officer (RAO) - Code Signing • Department Registration Authority Officer (DRAO) - SSL • Department Registration Authority Officer (DRAO) - SMIME • Department Registration Authority Officer (DRAO) - Code Signing
Administrative Roles:
Master Registration Authority Officer (MRAO)
• The MRAO is the top level administrator and can access all areas and functionality of the CCM interface. • MRAO admins are visible only to other MRAO Admins in the 'Admin Management' area of the CCM interface. • The MRAO can delegate control over the certificates, domains and notifications of any Organization or Department.
Comodo Certificate Manager - Administrator Guide
• The MRAO also has full rights over the creation and privileges of Registration Authority Officers (RAOs), Department Registration Authority Officers (DRAOs) and end-users of any Organization or Department. Click here for more details.
Registration Authority Officer (RAO)
• A Registration Authority Officer (RAO) is an administrative role created by an MRAO or fellow RAO for the purposes of managing the certificates and end-users belonging to one or more CCM Organizations.
• They have control over the certificates that are ordered on behalf of their Organization(s); over Domains that have been delegated to their Organization/Dept by an MRAO; over any Departments of their Organization and over that Organization's end-user membership.
• The RAOs can create Departments and DRAO Administrators within their own Organization, but they should be approved by the MRAO.
• RAO Administrators cannot create a new Organization or edit the General settings of any Organization - even those Organizations to which they have been delegated control. Click here for more details.
Department Registration Authority Officer (DRAO)
• Department Registration Authority Officers are created by, and subordinate to, the RAO class of Administrator. • They are assigned control over the certificates, users and domains belonging to a Department(s) of an Organization. • DRAOs have privileges to access, manage and request certificates for Departments of a Organization that have been
delegated to them by a RAO.
• DRAOs have no Admin creation rights. They can edit only self or fellow DRAO administrators of the Department(s) that they administrate.
• DRAOs have visibility of and can request certificates only for the Department(s) that have been delegated to them. They have no access to manage certificates belonging to Organizations or Departments for which they have not been granted permissions. Click here for more details.
It is also possible to create an Administrator with more than one Admin privileges. Further details about the privileges and security roles of these administrator types can be found in section 1.2.3. Administrative Roles.The remainder of this chapter contains detailed explanations of the controls available from the 'Admin Management' tab.
Admin Management Area - Table of Parameters
Fields Values Description
Name String Administrator's full name.
Email String Administrator's Email Address (it will be used for client certificate enrollment, notifications)
Comodo Certificate Manager - Administrator Guide
Admin Management Area - Table of Parameters
Fields Values Description
Type Shows the type of the administrators
Standard Indicates that the administrator is created in CCM
IdP Template Indicates that the administrator is added via Identity Provider (IdP) template IdP User Indicates that the administrator is added in CCM and was authenticated by IdP Role MRAO Admin The MRAO is the top level administrator and can access all areas and
functionality of the Certificate Manager interface. (More...)
RAO Admin SSL RAO SSL administrators have privileges to access, manage, request and approve the requests of SSL certificates for Departments/domains belonging to their Organization. (More...)
RAO Admin SMIME RAO SMIME administrators have privileges to access, manage, request and approve the requests of Client Certificates for Departments/domains that have been delegated to their Organization. (More...)
RAO Admin Code
Signing RAO Code Signing administrators have privileges to access, manage, request and issue the Code signing Certificates for end-users belonging to their Organization. (More...)
DRAO Admin SSL DRAO SSL administrators have privileges to access, manage and request SSL certificates for Departments of a Organization that have been delegated to them by MRAO or a RAO Admin.(More...)
DRAO Admin
SMIME DRAO SMIME administrators have privileges to access, manage, request Client Certificates for domains that have been delegated to their Department.(More...) DRAO Admin Code
Signing DRAO Code Signing administrators have privileges to access, manage, request and issue the Code signing Certificates for end-users belonging to their Department.(More...)
Active Checkbox Indicates whether the administrator is active or not. Also allows the MRAO and delegated RAO admins to switch other admins between active and inactive states according to their privilege levels.
Note: An administrator can enable or disable the column from the drop-down button beside the last item in the column:
Control Buttons Add Enables MRAO and RAO administrators to add new administrators. Refresh Refreshes the list
Certificate Control Buttons
Note: The types of certificate control buttons depend on the state of the selected certificate
Edit Enables MRAO and RAO administrators to modify the details of the selected administrator.
Delete Deletes the administrator.
Note: If an Administrator is deleted, the details of that Administrator can be viewed but they will no longer be editable.
View Enables MRAO admins to view the details of RAO/DRAO added by another RAO, pending approval.
Comodo Certificate Manager - Administrator Guide
Admin Management Area - Table of Parameters
Fields Values Description
Approve Enables MRAO admins to approve RAO/DRAO added by an RAO. The newly added administrator becomes active only on approval by the MRAO.
Reject Enables MRAO admins to reject RAO/DRAO added by an RAO, pending approval.
Reset Lockout Enables MRAOs to unlock the login screen that has been locked due to consecutive five wrong attempts to login.