1
00:00:08,340 --> 00:00:16,540
To manage and configure security on the sea you can use the security tab to view the properties of ACA

2
00:00:16,600 --> 00:00:19,830
in the certification authority council.

3
00:00:20,290 --> 00:00:24,760
You can said the following security permissions on ACA.

4
00:00:24,780 --> 00:00:27,250
You can set route permissions.

5
00:00:27,490 --> 00:00:37,180
Lists are security principles that are assigned this permission can locate this C Ian ADT s or access

6
00:00:37,180 --> 00:00:41,380
it by using the Web council or web services.

7
00:00:41,380 --> 00:00:50,620
If you deploy the C as a standalone C it and other security permission is issue and marriage certificates

8
00:00:51,190 --> 00:00:59,200
security principles that are assigned this permission can approve for denies cert to request that an

9
00:00:59,260 --> 00:01:09,310
abandoned state they can also revoke and issue an issued certificate specifically revocation reason

10
00:01:09,970 --> 00:01:18,880
and perform an on revoke the security principals can also read all issued certificates and export them

11
00:01:18,910 --> 00:01:30,350
to files and other permission is managed see security principles that are assigned this permission can

12
00:01:30,350 --> 00:01:38,330
manage and configure all options on the c they can not manage certificates by default but can grant

13
00:01:38,420 --> 00:01:46,510
themselves the right and other right or permission is request certificates.

14
00:01:46,910 --> 00:01:54,590
Security principles that are assigned this permission can perform certificate requests against lists

15
00:01:54,590 --> 00:01:55,040
see.

16
00:01:55,610 --> 00:02:02,960
However this does not mean that they can enroll for a certificate their certificate template controls

17
00:02:03,080 --> 00:02:11,920
the enrollment permissions in addition to defining security permissions on the access control list of

18
00:02:11,920 --> 00:02:13,630
their CEO object.

19
00:02:13,630 --> 00:02:23,290
You can also use the certificate member step on the SCA properties windows to restrict further security

20
00:02:23,290 --> 00:02:28,880
principles containing the issue and marriage certificates permission.

21
00:02:28,900 --> 00:02:36,640
For example if you want to delegated the issue and manage certificates permission for a specific template

22
00:02:37,000 --> 00:02:45,100
you would grant the security principal the issue and manage certificates right on the security tap of

23
00:02:45,100 --> 00:02:47,290
the CIA properties.

24
00:02:47,290 --> 00:02:52,730
The next step is on the certificate manager a step of the CIA properties.

25
00:02:52,900 --> 00:03:00,970
You have to select restrict certificate managers and the last step you have to select the security principal

26
00:03:01,240 --> 00:03:07,900
that you want to restrict and then modify the templates that you want the security principal to manage

27
00:03:08,680 --> 00:03:13,870
by using the certificate manager or step of the C properties.

28
00:03:13,870 --> 00:03:21,280
You can delegated rights to a specific certificate template without giving a security principal the

29
00:03:21,370 --> 00:03:28,830
issue and manage certificates rights on all templates that are published on this year.