Netscape MANAGEMENT SYSTEM 6.2 - ADMINISTRATOR Administrator's Manual page 715

Can approve fields/extensions (to be included in a certificate) of certificate
profiles that have been enabled and configured by the Administrator (via
SSL-capable browsers to the CA Agent interface).
Can run tools (CMCEnroll and CMCRevoke) to pre-approve certificate
enrollment and revocation requests.
• Auditors
Can view signed audit logs (from the IT environment). This is the only role
allowed this privilege.
Can verify audit log signatures by running the AuditVerify tool (from the
IT environment).
• Trusted Manager
The Trusted Manager role is a special role that is not for privileged users. It
is created for inter-CIMC_boundary communication. The trust of this
communication is established using the role authentication/authorization
mechanism. Conceptually, this role is not an actual privileged role that a
user can be assigned to. Rather, the Trusted Manager role is a means of
establishing trust between two CMS subsystems. To have the RA
communicate with the CA securely, the CA administrator needs to create
an "RA user" on the CA with the Trusted Manager role when setting up
the RA. All communications between the RA and CA are then made
through this special user with the RA's certificate over SSL
client-authentication and the Trusted Manager role authorization (via
Inter-CIMC_boundary interface connectors).
RA
• Administrators
Can start/stop server (from the command-line).
Can perform all configuration management for the RA (unless assigned
otherwise), including the configuration of certificate profiles (specifying
the set of acceptable values for fields and extensions) for certificate
enrollment requests (via CMS Console).
Can backup (CMSBackup) and restore (CMSRestore) the subsystem from
the command-line.
• Registration Manager Agents
Appendix B Common Criteria Environment: Setup and Operations
CMS Privileged Users and Groups (Roles)
715