Replies: 1 comment 6 replies
-
|
EJBCA doesn't use any approvals by default. You need to configure approvals as "Approval Profiles" in EJBCA and you can do it flexible for different types of certificates and types of users. What admin actions specifically did you refer to? |
Beta Was this translation helpful? Give feedback.
-
|
You have an option for "Allow Self Approved Request Editing". |
Beta Was this translation helpful? Give feedback.
-
|
I have Profile |
Beta Was this translation helpful? Give feedback.
-
|
Well this is contradictory since you say "I want to approve only request by non admin user such as generate new cert.". But in this case the same user made the request, so this request was not created by a non admin user. Yes there is a hard rule that you are not allowed to self-approve, as that is a basic feature of having four eyes principle. If you need a four eyes principle you have to design a serious process for it since it's all about trust and security. |
Beta Was this translation helpful? Give feedback.
-
|
Yes. By saying "I want to approve only request by non admin user" I mean, that operations from admin user don't have to be approved. I could have expressed myself more clearly. Thanks for information, We'll have to deal with it somehow. |
Beta Was this translation helpful? Give feedback.
-
|
You can use duplicated certificate profiles, some with approvals required and some not. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
Hello
Is there possibility to bypass approval for admin actions? I don't want to approve new certificate request generated by admin. It should be forced for non admin users
Beta Was this translation helpful? Give feedback.
All reactions