Encryption administrators can only see the workspaces and keys for the tenant to which they belong.
Encryption administrators can:
- Create, read, and update encryption keys
- Assign the Encryption Admin role
- Remove the Encryption Admin role
Note: To unassign yourself from the encryption administrator role, have another encryption administrator unassign you. Encryption administrators cannot unassign themselves from the Encryption Admin role.
Encryption admin policy
Resource Type | CREATE | READ | UPDATE | DELETE |
Workspace | false | true | false | false |
Key | true | true | true | true |
Role Membership | true | true | false | false |
Role | false | true | false | false |
Policy | false | true | false | false |
User | false | true | false | false |
Tenant | false | true | false | false |
DSM | false | true | false | false |
Encryption Metadata | false | true | false | true |