The Encryption Admin role enables you to manage the Bring Your Own Key (BYOK) encryption keys for your organization and handle the encryption of your workspaces. 

Encryption administrators can only see the workspaces and keys for the tenant to which they belong.

Encryption administrators can:

  • Create, read, and update encryption keys
  • Assign the Encryption Admin role
  • Remove the Encryption Admin role

Note: To unassign yourself from the encryption administrator role, have another encryption administrator unassign you.  Encryption administrators cannot unassign themselves from the Encryption Admin role.

Encryption admin policy 

Resource TypeCREATEREADUPDATEDELETE
Workspace

false

true

false

false

Key

true

true

true

true

Role Membership

true

true

false

false

Role

false

true

false

false

Policy

false

true

false

false

User

false

true

false

false

Tenant

false

true

false

false

DSM

false

true

false

false

Encryption Metadata

false

true

false

true

Disclaimer

We update Anapedia regularly to provide the most up-to-date instructions.