Application privileges
This table contains all the static defined privileges for the operations in the Portal component.
| Name | Id | Description |
|---|---|---|
ActiveUserListView |
16 |
Allow an officer to view a list of active users in the system. |
AdditionalIdentities |
87 |
Allow an officer to view additional identities for users, tokens and end entities. |
AdditionalOrderInformation |
124 |
Allow an officer to view additional information and state of an order from token manufacturer. |
AdminView |
64 |
Allow an officer to view administration types in the system. |
AuditLogSearch |
24 |
Allow an officer to search for audit log items. |
AuditLogView |
25 |
Allow an officer to view details of an audit log item. |
BackTask |
125 |
Allow an officer to back and re-edit information in a task. |
CancelTask |
69 |
Allow an officer to cancel a task that is in progress. It’s not possible to cancel a task that waits for external service. |
CancelTaskExternal |
80 |
Allow an officer to force cancelling of a task even if the task wais for external service. |
CancelTaskPretermit |
109 |
Allow an officer to force cancelling of a task even if the officer does not have the CancelTask permission. |
CertificateAuthorityAdd |
100052 |
Allow an officer to create a new certificate authority item into the system. |
CertificateAuthorityDelete |
100054 |
Allow an officer to delete an existing certificate authority item from the system. |
CertificateAuthorityEdit |
100053 |
Allow an officer to edit an existing certificate authority item in the system. |
CertificateAuthorityView |
100051 |
Allow an officer to view details of an existing certificate authority item in the system. |
CertificateImport |
86 |
Allow an officer to import an external certificate into the system. |
CertificateKey |
132 |
Allow an officer to load server generated certificates including keys (e.g. PKCS#12) behalf on another user. This can typically be used by an external service using the API for automatic recover for e.g. S/MIME certificates and keys. However, this is a critical privilege and should ordinarily not be used by an officer. |
CertificateRevoke |
21 |
Allow an officer to revoke certificates that does not have any relation to an entity. |
CertificateSearch |
20 |
Allow an officer to search for certificate items. |
CertificateTemplateAdd |
100056 |
Allow an officer to create a new certificate template item into the system. |
CertificateTemplateDelete |
100058 |
Allow an officer to delete an existing certificate template item from the system. |
CertificateTemplateEdit |
100057 |
Allow an officer to edit an existing certificate template item in the system. |
CertificateTemplateView |
100055 |
Allow an officer to view details of an exising certificate template item in the system. |
CertificateView |
22 |
Allow an officer to view details of an existing certificate item in the system. |
ChangeOrganization |
130 |
Allow an officer to assign an entity item (User, Token or EndEntity) to another organization. |
CitizenServiceAdd |
100044 |
Allow an officer to create a new citizen service item into the system. |
CitizenServiceDelete |
100046 |
Allow an officer to delete an existing citizen service item from the system. |
CitizenServiceEdit |
100045 |
Allow an officer to edit an existing citizen service item in the system. |
CitizenServiceSearch |
17 |
Allow an officer to search for users defined as persons against the citizen service items of the system. |
CitizenServiceView |
100043 |
Allow an officer to view details of an citizen service item in the system. |
ContactlessServiceAdd |
100093 |
Allow an officer to create a new contactless service item into the system. |
ContactlessServiceDelete |
100095 |
Allow an officer to delete an existing contactless service item from the system. |
ContactlessServiceEdit |
100094 |
Allow an officer to edit an existing contactless service item in the system. |
ContactlessServiceView |
100092 |
Allow an officer to view details of an contactless service item in the system. |
CreateUserAlias |
72 |
Allow an officer to create a new alias user, a user that is bounded to a primary user. |
CustomizedSearchService |
115 |
Feature not implemented. |
DeleteUserAliasAssignment |
114 |
Allow an officer to delete assignment between primary user and alias user. |
DiagnosticLogSearch |
117 |
Allow an officer to search for diagnostic log items. |
DiagnosticLogView |
116 |
Allow an officer to view details of an diagnostic log item. |
DirectoryEndEntitySearch |
111 |
Allow an officer to search for computers and end entities against the directory service items of the system. |
DirectoryEndEntitySearchPretermit |
121 |
Allow an officer to search for computers and end entities against the directory service items of the system with a secondary LDAP search string. Useful for administrators using another higher search level. |
DirectoryServiceAdd |
100048 |
Allow an officer to create a new directory service item into the system. |
DirectoryServiceDelete |
100050 |
Allow an officer to delete an existing directory service item from the system. |
DirectoryServiceEdit |
100049 |
Allow an officer to edit an existing directory service item in the system. |
DirectoryServiceView |
100047 |
Allow an officer to view details of an existing directory service item in the system. |
DirectoryUserSearch |
10 |
Allow an officer to search for users against the directory service items of the system. |
DirectoryUserSearchPretermit |
113 |
Allow an officer to search for users against the directory service items of the system with a secondary LDAP search string. Useful for administrators using another higher search level. |
DistributeToken |
53 |
Allow an officer to distribute a token, arrived from manufacturer, to a user. |
EndEntityAdd |
91 |
Allow an officer to create a new end entity item into the system. |
EndEntityAddExternal |
112 |
Allow an officer to create a new end entity item from external part (e.g. directory service items) into the system. |
EndEntityDelete |
93 |
Allow an officer to delete an existing end entity item. |
EndEntityEdit |
92 |
Allow an officer to edit an existing end entity item. |
EndEntityEnroll |
95 |
Allow an officer to enroll certificates against an existing end entity item. |
EndEntityReceiptView |
134 |
Allow an officer to view receipts of an existing end entity item. |
EndEntityRenew |
129 |
Allow an officer to renew existing certificates of an end entity item. |
EndEntityRevoke |
97 |
Allow an officer to revoke an existing end entity item including the certificates related to the item. |
EndEntityRevokeCertificate |
98 |
Allow an officer to revoke existing certificates of an end entity item. |
EndEntitySearch |
90 |
Allow an officer to search for end entity items. |
EndEntitySynchronize |
100 |
Allow an officer to synchronize information of an existing end entity item from service of its origin. |
EndEntityView |
89 |
Allow an officer to view details of an existing end entity item. |
ExportConfiguration |
100066 |
Allow an officer to export data from current organization item, and subordinated item, into a compressed serialized string. This can be used when contact support of Pointsharp. |
ExportLicense |
100063 |
Feature not implemented. |
ExternalServiceGeneric |
137 |
Allow an officer to load data from external service though dynamic attribute structure (API:GetData). |
FinalizeSetup |
100068 |
Allow an officer to finalize the setup of the system and will require certificate login for the administrator. |
GenerateClientLicense |
100065 |
Feature not implemented. |
GenerateCustomerLicense |
100061 |
Feature not implemented. |
GenerateOneTimePassword |
51 |
Allow an officer to generate and store one time password for a user item into the system. |
GetOrganizationId |
123 |
Allow an officer to get the unique identifier of a organization item via internal data though dynamic attribute structure (API:GetData). |
GetUserId |
133 |
Allow an officer to get the unique identifier of a user item via internal data though dynamic attribute structure (API:GetData). |
ImportConfiguration |
100097 |
Allow an officer to import configuration as compressed serialized string. This can be used when contact support of Pointsharp. |
ImportLicense |
100064 |
Feature not implemented. |
ManageAdminPrivileges |
100067 |
Allow an officer to handle administration type privileges when manage roles. |
OfficeAdd |
100005 |
Allow an officer to create a new office item into the system. |
OfficeDelete |
100007 |
Allow an officer to delete an existing office item from the system. |
OfficeEdit |
100006 |
Allow an officer to edit an existing office item in the system. |
OfficeRestrictionAssignment |
88 |
Allow an officer to assign (add/delete) restriction relations between user and office items. |
OfficeView |
100004 |
Allow an officer to view details of an existing office item in the system. |
OrderTokenCodeLetter |
38 |
Allow an officer to create a new code letter order for a token against the manufacturer of the token. |
OrderTokenNonPersonalized |
36 |
Allow an officer to create a new order of temporary tokens for the organization against the manufacturer. |
OrderTokenPersonalized |
34 |
Allow an officer to create a new user personalized token order against a manufacturer. |
OrganizationAdd |
100001 |
Allow an officer to create a new organization item into the system. |
OrganizationDelegation |
81 |
Allow an officer to switch to another organization and load data from other organizations. The organizations are specified in the main organization item. |
OrganizationDelete |
100003 |
Allow an officer to delete an existing organization item from the system. |
OrganizationEdit |
100002 |
Allow an officer to edit an existing organization item in the system. |
OrganizationRevoke |
100096 |
Allow an officer to revoke an entire organization. The operation will revoke all users, tokens, end entities and certificates within the organization. |
OrganizationView |
100000 |
Allow an officer to view details of an existing organization item in the system. //// |
PasskeyEnroll |
139 |
Allow an officer to enroll a passkey against external service. |
PasskeyRevoke |
140 |
Allow an officer to revoke a passkey against external service. |
PasskeyView |
138 |
Allow an officer to view a passkey item. //// |
PersonalInformationView |
110 |
Allow an officer to view personal information of a user (e.g. names, tokens and logs). This can even be used for end users to view their own personal information for GDPR purpose. |
RecoverCertificate |
106 |
Allow an officer to recover existing certificate and key pair to a new token. This requires that the original key pair is generated on the server due to that a private key on a hardware token can not be exported. |
ReleaseTask |
70 |
Allow an officer to release a task that is in progress. A released task means that any officer can continue working with the task. It’s not possible to release a task that waits for external service. |
ReleaseTaskExternal |
119 |
Allow an officer to force release of a task even if the task wais for external service. |
ReleaseTaskPretermit |
120 |
Allow an officer to force release of a task even if the officer does not have the ReleaseTask permission. |
ReportAdd |
100028 |
Allow an officer to create a new report item into the system. |
ReportDelete |
100030 |
Allow an officer to delete an existing report item from the system. |
ReportEdit |
100029 |
Allow an officer to edit an existing report item in the system. |
ReportView |
27 |
Allow an officer to view a pre-defined report in the system. This can be used to generate different kind if pre-defined reports. |
RoleAdd |
100021 |
Allow an officer to create a new role item into the system. |
RoleDelete |
100023 |
Allow an officer to delete an existing report item from the system. |
RoleEdit |
100022 |
Allow an officer to edit an existing report item in the system. |
RoleView |
100020 |
Allow an officer to view details of an existing role item in the system. |
SaveTask |
122 |
Allow an officer to save a task. A saved task means that the information in current state of the task will be saved on the server and will be able to be loaded again when loading the task another time. |
SelfView |
50 |
Allow an officer and end users to be able to manage their own items (e.g. revoke tokens and certificate). |
ShortMessageServiceAdd |
100040 |
Allow an officer to create a new short message service (SMS) item into the system. |
ShortMessageServiceDelete |
100042 |
Allow an officer to delete an existing short message service (SMS) item from the system. |
ShortMessageServiceEdit |
100041 |
Allow an officer to edit an existing short message service (SMS) item in the system. |
ShortMessageServiceView |
100039 |
Allow an officer to view details of an existing short message service (SMS) item in the system. |
SMTPServiceAdd |
100036 |
Allow an officer to create a new SMTP-service item into the system. |
SMTPServiceDelete |
100038 |
Allow an officer to delete an existing SMTP-service item from the system. |
SMTPServiceEdit |
100037 |
Allow an officer to edit an existing SMTP-service item in the system. |
SMTPServiceView |
100035 |
Allow an officer to view details of an existing SMTP-service item in the system. |
SystemConfigurationEdit |
100060 |
Allow an officer to edit the system configuration item. |
SystemConfigurationView |
100059 |
Allow an officer to view details of the system configuration item. |
TaskTypeAdd |
100089 |
Allow an officer to create a new task type into current task type configuration blob. |
TaskTypeDelete |
100091 |
Allow an officer to delete an existing task type from current task type configuration blob. |
TaskTypeEdit |
100090 |
Allow an officer to edit an existing task type in current task type configuration blob. |
TaskTypeView |
100088 |
Allow an officer to view the generic task type configuration blob. |
TextAgreementView |
136 |
Allow an officer to view agreements for an item (e.g. tokens and end entities). |
TextEdit |
100079 |
Allow an officer to edit the generic text blob. This text blob, in different languages, are texts that is used server-side. |
TextView |
100077 |
Allow an officer to view the generic text blob. |
TokenAdd |
12 |
Allow an officer to create a new token item into the system. |
TokenAddBatch |
82 |
Allow an officer to create a batch of new token items into the system. |
TokenAddInit |
73 |
Allow an officer to automatically create a token item into the system when a hardware token is initialized locally on the client. |
TokenDelete |
14 |
Allow an officer to delete an existing token item from the system. |
TokenEdit |
13 |
Allow an officer to edit an existing token item in the system. |
TokenEnroll |
31 |
Allow an officer to enroll a token to a user. This usually means issuing certificates and generating och keys on a local hardware token. |
TokenEnrollAdditional |
58 |
Allow an officer to issue additional certificates to an already enrolled token. |
TokenManufacturerAdd |
100032 |
Allow an officer to create a new token manufacturer item into the system. |
TokenManufacturerArticleAdd |
100085 |
Allow an officer to create a new token manufacturer article item into the system. |
TokenManufacturerArticleDelete |
100087 |
Allow an officer to delete an existing token manufacturer article item from the system. |
TokenManufacturerArticleEdit |
100086 |
Allow an officer to edit an existing token manufacturer article item in the system. |
TokenManufacturerArticleView |
100098 |
Allow an officer to view details of an existing token manufacturer article item in the system. |
TokenManufacturerDelete |
100034 |
Allow an officer to delete an existing token manufacturer item from the system. |
TokenManufacturerEdit |
100033 |
Allow an officer to edit an existing token manufacturer item in the system. |
TokenManufacturerView |
100031 |
Allow an officer to view details of an existing token manufacturer item in the system. |
TokenProfileAdd |
100025 |
Allow an officer to create a new token profile item into the system. |
TokenProfileDelete |
100027 |
Allow an officer to delete an existing token profile item from the system. |
TokenProfileEdit |
100026 |
Allow an officer to edit an existing token profile item in the system. |
TokenProfileView |
100024 |
Allow an officer to view details of an existing token profile item in the system. |
TokenReceiptView |
26 |
Allow an officer to view receipts of an existing token item. |
TokenRenew |
59 |
Allow an officer to renew existing certificates of a token item. FileTokens (PKCS#12) must be renewed by the user of the existing certificate. |
TokenRevoke |
32 |
Allow an officer to revoke an existing token item including the certificates related to the item. |
TokenRevokeCertificate |
66 |
Allow an officer to revoke existing certificates of an exiting token item. |
TokenSearch |
15 |
Allow an officer to search for token items. |
TokenTemplateAdd |
100013 |
Allow an officer to create a new token template item into the system. |
TokenTemplateDelete |
100015 |
Allow an officer to delete an existing token template item from the system. |
TokenTemplateEdit |
100014 |
Allow an officer to edit an existing token template item in the system. |
TokenTemplateView |
100012 |
Allow an officer to view details of an existing token template item in the system. |
TokenTemplateVersionAdd |
100017 |
Allow an officer to create a new token template version item into the system. |
TokenTemplateVersionDelete |
100019 |
Allow an officer to delete an existing token template version item from the system. |
TokenTemplateVersionEdit |
100018 |
Allow an officer to edit an existing token template version item in the system. |
TokenTemplateVersionView |
100016 |
Allow an officer to view details of an existing token template version item in the system. |
TokenUnlock |
33 |
Allow an officer to unlock PIN of a locked token for the end user. The token will be unlocked automatically using the token locally by the officer. |
TokenUnlockDisplay |
61 |
Allow an officer to help the end user to unlock PIN of a locked token remotely when a token can not be unlocked locally by the officer (e.g. view the PUK of the token). |
UploadLicense |
100062 |
Allow an officer to upload/update the license for the system. |
UserAdd |
2 |
Allow an officer to create a new user item into the system. |
UserAddBatch |
135 |
Allow an officer to create a batch of new user items into the system. |
UserAddExternal |
60 |
Allow an officer to create a new user item from external part (e.g. directory service items) into the system. |
UserAddSequenceNumber |
52 |
Allow an officer to create a new user generating a sequence number as social security number. |
UserAliasAssignment |
79 |
Allow an officer to assign subordinated alias accounts to a user. |
UserDelete |
4 |
Allow an officer to delete an existing user item from the system. |
UserEdit |
3 |
Allow an officer to edit an existing user item in the system. |
UserImageUpload |
67 |
Allow an officer to upload a person photo image for an existing user item. |
UserItemsRevoke |
126 |
Allow an officer to revoke all items related to a user (tokens and certificates). |
UserRestrictionPretermit |
85 |
Allow an officer to override user group restriction. |
UserRevoke |
99 |
Allow an officer to revoke an existing user item. |
UserSearch |
5 |
Allow an officer to search for user items. |
UserSecrecyPretermit |
83 |
Allow an officer to override the policy of using secrecy flagged user items. |
UserSignatureImageUpload |
68 |
Allow an officer to upload a signature image for an existing image in the system. |
UserSynchronize |
23 |
Allow an officer to synchronize information of an existing user item from service of its origin. |
UserTypePretermit |
131 |
Allow an officer to search and view all users types defined as Person and Service, otherwise only types defined as Person will be used. |
UserView |
1 |
Allow an officer to view a user registered in the system. |