Operations
read
Displaying CRLs.
update
Updating CRLs.
Default ACIs
allow (read,update) group="Certificate Manager Agents"
Certificate Manager agents can read or update CRLs.
certServer.ca.directory
Allow or deny an update operation to the directory.
Operations
update
Publishing CA certificates and user certificates to the LDAP
directory.
Default ACIs
allow (update) group="Certificate Manager Agents"
Certificate Manager agents can update the directory.
certServer.ca.group
Allow or deny an update operation to add a group.
Operations
add
Adding groups.
Default ACIs
allow (add) group="Administrators"
Only administrators are allowed to add group.
certServer.ca.ocsp
Allow or deny a read operation for OCSP information in the agent services
interface.
ACL Reference
Chapter 8
Authorization
357