14.5. Creating and Managing Users for a TPS
There are three defined roles for TPS users, which function as groups for the TPS:
• Agents, who perform actual token management operations, such as setting the token status and
changing token policies
• Administrators, who manage users for the TPS subsystem and have limited control over tokens
• Operators, who have no management control but are able to view and list tokens, certificates, and
activities performed through the TPS
Additional groups cannot be added for the TPS.
All of the TPS subsystem users are authenticated against an LDAP directory database that contains
their certificate (because accessing the TPS's web services requires certificate-based authentication),
and the authentication process checks the TPS group entries — ou=TUS Agents, ou=TUS
Administrators, and ou=TUS Operators — to see to which roles the user belongs, using
Apache's mod_tokendb module.
Users for the TPS are added and managed through the web services pages for the TPS. Users can be
easily added to any or all TPS roles.
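For an access review of these roles, the group lookup described above can be reproduced offline from an LDIF export of the three TPS group entries. This is an added example, not code from Certificate System: the `member` attribute, the `dc=example,dc=com` suffix and the user DNs are assumptions, and the sample export is constructed.

```python
import base64
from collections import defaultdict

# Group names come from the text above; the "member" attribute, the DN suffix
# and the user DNs are assumptions about the directory, not documented values.
TPS_ROLES = {"TUS Agents": "agent", "TUS Administrators": "administrator",
             "TUS Operators": "operator"}
ALICE = "uid=alice,ou=People,dc=example,dc=com"
ALICE_B64 = base64.b64encode(ALICE.encode()).decode()
SAMPLE_LDIF = (  # constructed sample: folded line, base64 value, unrelated group
    "dn: ou=TUS Agents,dc=example,dc=com\n"
    f"member: {ALICE}\n"
    "member: uid=bob,ou=People,dc=exam\n ple,dc=com\n\n"
    "dn: ou=TUS Administrators,dc=example,dc=com\n"
    f"member:: {ALICE_B64}\n\n"
    "dn: ou=TUS Operators,dc=example,dc=com\n"
    "member: uid=carol,ou=People,dc=example,dc=com\n\n"
    "dn: ou=Other Group,dc=example,dc=com\n"
    "member: uid=dave,ou=People,dc=example,dc=com\n"
)

def parse_ldif(text):
    """Yield (dn, {attr: [values]}) per entry; handles folding and base64."""
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for block in unfolded.strip().split("\n\n"):
        dn, attrs = None, defaultdict(list)
        for line in block.splitlines():
            if not line or line.startswith("#"):
                continue
            name, _, rest = line.partition(":")
            value = rest.strip()
            if rest.startswith(":"):  # "attr:: value" is base64-encoded
                value = base64.b64decode(rest[1:].strip()).decode("utf-8")
            if name.lower() == "dn":
                dn = value
            else:
                attrs[name.lower()].append(value)
        if dn:
            yield dn, attrs

def roles_by_user(ldif_text):
    """Map each member DN (lowercased) to the sorted TPS roles it holds."""
    roles = defaultdict(set)
    for dn, attrs in parse_ldif(ldif_text):
        group = dn.split(",", 1)[0].partition("=")[2].strip()
        if group in TPS_ROLES:
            for member in attrs.get("member", []):
                roles[member.lower()].add(TPS_ROLES[group])
    return {user: sorted(held) for user, held in roles.items()}
```

Users that appear with more than one role in the result are the ones to check against what was intended when they were added.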
14.5.1. Searching for Users
1. Open the TPS services page.
https://server.example.com:7889/tus/
2. Click the Administrator Operations tab.
3. Click the Search Users link.
4. Fill in the search parameters; to list all users, do not fill in any criteria.