Roles

Your ACM Account has five roles available. To add a user and assign a role please refer to Users.

• Account Admin

  The Account Admin is the “super user” for your account. This role is used to manage other user roles, add organizations as well as day-to-day activities like generating certificates and approving certificates entered by Requestors.

• Account Auditor

  The Account Auditor is a read-only role that allows the holder to see all of the certificates, logs and other configuration details of your Account. This role does not have rights to perform any actions other than viewing the Account.

• Organization Admin

  The Organization Admin role is for day-to-day activities like generating certificates and approving certificates entered by Requestors for one or more Organizations under your Account.

• Organization Auditor

  The Organization Auditor is a read-only role that allows the holder to see all of the certificates, logs and other configuration details of and Organization under your Account. This role does not have rights to perform any actions other than viewing the assigned Organization(s).

• Requestor

  The Requestor can request certificates for an Organization. Certificate issuance policies can be configured to require that each request must be approved by an Organization Admin or higher role. This is optional and must NOT be set for Requestor roles used for API requests.