Certificate Inventory and Management roles and responsibilities

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • Dedicated users with specialized roles are assigned to optimize the monitoring and tracking of requests for new and renewing certificates.

    The Certificate Inventory and Management dashboard and certificate configuration settings are activated or deactivated depending on the assigned roles.
    Role Responsibilities
    Certificate Administrator

    [sn_disco_certmgmt.pki_admin]

    The headless user (an account not tied to a specific user) is included in the base system and equipped with the sn_disco_certmgmt.pki_admin role. It serves as the caller for automatically generated renewal certificate tasks and incidents. To customize this user, adjust the user ID using the Discovery property: glide.discovery.certs.cert_admin_user_id instead of leaving it as the default headless user.

    Responsible for changing non-standard attributes in the original certificate record, this role can modify attributes like state, status, assigned to, assignment group, renewal tracking, and service type. The certificate's inherent attributes remain unaltered. The default state for discovered certificates is installed, but this role can manually adjust it to other states such as issued, installed, revoked, and retired. Additionally, users with this role have the capability to view diverse dashboards and possess read/write access to certificates and certificate tasks associated with certificate Discovery.

    Note:
    • The sn_disco_certmgmt.pki_admin role contains the sn_disco_certmgmt.pki_user role.
    • Any user with the pki_admin role can be added to the approver field in the certificate request form. Users with pki_admin role should be assigned with the approval_admin role manually to approve or reject requests from the certificate task form. This approver does not need to login to approve the task. In a certificate task form or related list, system admin or a user with approval_admin role or pki_admin role can add multiple approvers or edit the existing one.
    • The approver_user role is required if the user wants to approve a request by logging in. Without the approver_user role, a user doesn't have the option to navigate to My Approvals where the requests can be approved.
    Certificate User

    [sn_disco_certmgmt.pki_user]

    		 Responsible for overseeing certificate discovery, this role is granted the ability to access diverse dashboards and has read/write permissions for certificates and associated certificate tasks.
    Certificate Approver

    [sn_disco_certmgmt.pki_approver]

    		 Responsible for certificate requests, a user with this role (normal user) can initiate certificate requests through the Service Catalog form.
    Certificate Requester

    [sn_disco_certmgmt.certificate_requester]

    		 Responsible for submitting certificate requests, this role is granted the ability to request and renew certificates from the Service Catalog.