The encryption administrator role enables you to manage the Bring Your Own Key (BYOK) encryption keys for your organization. This role also lets you manage the encryption of your workspaces.
Encryption administrators can only see the workspaces and keys for the tenant to which they belong.
Encryption administrators can:
- Create, read, and update encryption keys
- Assign the encryption administrator role
- Remove the encryption administrator role
Note: To unassign yourself from the encryption administrator role, another encryption administrator must unassign you. Encryption administrators can't unassign themselves from the encryption administrator role.
Encryption administrator policy details
The table below displays the resources that an encryption administrator controls.
| Resource Type | CREATE | READ | UPDATE | DELETE |
| Encryption Metadata | ||||
| Administration | ||||
| Tenant | ||||
| User | ||||
| Policy | ||||
| Role Membership | ||||
| Role | ||||
| Key | ||||
| Workspace |
