Operations
read
Viewing OCSP plug-in information, OCSP configuration, OCSP
stores configuration. Listing OCSP stores configuration.
modify
Modifying OCSP configuration, OCSP stores configuration, and
default OCSP store.
Default ACIs
allow (read) group="Administrators" || group="Certificate Manager
Agents" || group="Registration Manager Agents" || group="Data
Recovery Manager Agents" || group="Online Certificate Status Manager
Agents" || group="Auditors"
allow (modify) group="Administrators"
Administrators, Agents, and auditors are allowed to read OCSP configuration;
only administrators are allowed to modify OCSP configuration.
certServer.ocsp.crl
Allow or deny an add operation for posting CRL to an OCSP.
Operations
add
Submitting a CRL with new revocation status information.
Default ACIs
allow (add) group="Online Certificate Status Manager Agents"
Online Certificate Status Manager agents can add CRL.
certServer.policy.configuration
Allow or deny a read or modify operation to the policy configuration.
ACL Reference
Chapter 8
Authorization
371