The Encryption Admin role enables you to manage the Bring Your Own Key (BYOK) encryption keys for your organization and handle the encryption of your workspaces. 

Encryption administrators can only see the workspaces and keys for the tenant to which they belong.

Encryption administrators can:

  • Create, read, and update encryption keys
  • Assign the Encryption Admin role
  • Remove the Encryption Admin role

Note: To unassign yourself from the encryption administrator role, have another encryption administrator unassign you.  Encryption administrators cannot unassign themselves from the Encryption Admin role.

Resource TypeCREATEREADUPDATEDELETE
Workspace
Key
Role Membership
Role
Policy
User
Tenant
DSM
Encryption Metadata