Users
Every remote service in the HSM is provided on behalf of a valid user authenticated by the HSM.
HSM Dinamo has two types of user:
- User
- Operator
The difference between the two lies in the system permissions each receives. The Operator type has all the system permissions and can manage the HSM's operating parameters and user base. The User type has only the system permissions assigned to it. A User type granted all permissions has the same powers as the Operator type; however, if a firmware update introduces a new permission, it is enabled only on the Operator type.
With regard to user partitions, the Operator type has no default permission to read or use objects on these partitions. The Operator type, or a User type with backup permission, can generate and restore HSM backup files, but cannot access the objects on other users' partitions.
System permissions | Description |
---|---|
Creating and removing users | Manage the HSM user base. |
List users | List the users of the HSM base. |
Access to logs | It allows you to export, monitor in time and delete the log records in the HSM. It also allows you to monitor the HSM's operating statistics and parameters. |
Create and restore backups | It allows you to create a backup file and also restore a backup file in the HSM. |
Update HSM firmware | Allows you to submit update packages for processing by the HSM. |
Users can be blocked, i.e. prevented from authenticating and accessing HSM services, at the discretion of an HSM administrator. A user's blocking status can be changed at any time via the remote console.
There is a special user in the HSM, called master, which is the administrator (Operator type) of an HSM in its factory default state. The master user cannot be removed from the HSM, and if it is blocked, it can also be unblocked via the HSM's local administration console.
An HSM user's account will be blocked if the limit of incorrect login attempts is exceeded. The limit is 7 (seven) incorrect login attempts.
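The permission model above can be turned into a periodic access review. The following is an added example, not code from the HSM vendor or its API: the account list is constructed sample data, and the permission labels (`user_manage`, `user_list`, `log_access`, `backup`, `firmware_update`, `future_permission`) and finding names are hypothetical names for the table rows, not HSM identifiers.

```python
from dataclasses import dataclass

# Hypothetical labels for the five system permissions in the table above.
SYSTEM_PERMISSIONS = frozenset(
    {"user_manage", "user_list", "log_access", "backup", "firmware_update"})

@dataclass(frozen=True)
class Account:
    name: str
    kind: str                      # "Operator" or "User"
    perms: frozenset = frozenset()  # assigned permissions (ignored for Operator)
    blocked: bool = False

def effective(acct, known=SYSTEM_PERMISSIONS):
    """Operator: every permission the firmware knows. User: only what was assigned."""
    known = frozenset(known)
    return known if acct.kind == "Operator" else acct.perms & known

def review(accounts, known=SYSTEM_PERMISSIONS):
    """Return (account, finding) pairs worth a human look."""
    findings = []
    for a in accounts:
        eff = effective(a, known)
        if a.kind == "Operator":
            findings.append((a.name, "operator"))
        elif eff == frozenset(known):
            findings.append((a.name, "operator-equivalent"))
        if a.kind == "User" and "backup" in eff:
            findings.append((a.name, "backup"))
        if a.blocked and eff:
            findings.append((a.name, "blocked-privileged"))
    return findings

# Constructed sample export of the HSM user base.
ACCOUNTS = [
    Account("master", "Operator"),
    Account("alice", "User", SYSTEM_PERMISSIONS),
    Account("bkp_svc", "User", frozenset({"backup"})),
    Account("app01", "User"),
    Account("old_admin", "User", frozenset({"user_manage", "user_list"}), blocked=True),
]

if __name__ == "__main__":
    print("current firmware:", review(ACCOUNTS))
    # A firmware update adds a permission: only Operators receive it automatically.
    updated = SYSTEM_PERMISSIONS | {"future_permission"}
    print("after update:   ", review(ACCOUNTS, updated))
```

After the simulated firmware update, `alice` is no longer reported as operator-equivalent, which matches the rule that a new permission is enabled only on the Operator type.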