Consider the following two roles with respect to CRYPTOZ permissions.
- Security officer: Role of the user who is creating and configuring the PKCS#11 token for Identity Token Support. Permissions for the security officer role should include SO.TERADATA.TTU.PKCS11.TOKEN (control).
- User: Role the users who will be using Identity Token Support. Permissions for the user role should include USER.TERADATA.TTU.PKCS11.TOKEN (read).
Teradata’s TRDGTOKN setup and configuration program requires these permissions by program function:
- LIST
- USER.TERADATA.TTU.PKCS11.TOKEN (read)
- DELETE
- SO.TERADATA.TTU.PKCS11.TOKEN (update)
- CREATE
- SO.TERADATA.TTU.PKCS11.TOKEN (control)