The Encryption Admin role enables you to manage the Bring Your Own Key (BYOK) encryption keys for your organization and handle the encryption of your workspaces.
Encryption administrators can only see the workspaces and keys for the tenant to which they belong.
Encryption administrators can:
- Create, read, and update encryption keys
- Assign the Encryption Admin role
- Remove the Encryption Admin role
Note: To unassign yourself from the encryption administrator role, have another encryption administrator unassign you. Encryption administrators cannot unassign themselves from the Encryption Admin role.
Encryption admin policy
| Resource Type | CREATE | READ | UPDATE | DELETE |
| Workspace | ||||
| Key | ||||
| Role Membership | ||||
| Role | ||||
| Policy | ||||
| User | ||||
| Tenant | ||||
| DSM | ||||
| Encryption Metadata |
