Infineon Security Platform Solution

User Roles

Security Platform Solution involves several user roles:

• All Security Platform user roles are based on Windows user accounts (local or domain users). These user accounts have been authenticated by Windows logon.
• Each user role has an intended purpose.
• When the Security Platform is configured, members of different user roles are initialized.
• Acting a specific user role requires a specific authentication (e.g. providing a specific password).
• A person can act multiple user roles.

The following table lists all user roles.

User Role	Based on...	Purpose & Tasks	Initialization	Authentication
Security Platform Owner	Windows user account (local or domain), member of the Administrators group	Perform critical administrative tasks, e.g. restoration of Security Platform.	Security Platform Initialization enables a Windows user to act as a Security Platform Owner.	Owner Password
Security Platform Administrator (also called just "Administrator")	Windows user account (local or domain), member of the Administrators group	Perform administrative tasks, which require Windows administrative rights.	No special initialization necessary.	Apart from the authentication as Windows administrator, some administrative tasks require access to special token files protected by dedicated passwords
Security Platform User (also called just "User")	Windows user account (local or domain)	Utilize Security Platform Features, e.g. file and folder encryption or secure e-mail. Configure features and perform user-specific Security Platform tasks.	Security Platform User Initialization enables a Windows user to act as a Security Platform User.	Basic User Password
EFS/PSD Recovery Agent (also called just "User")	Usage of a dedicated recovery certificate and private key.	Recover a user's EFS or PSD data in case the original EFS/PSD credentials are lost.	EFS/PSD recovery is enabled by the registration of recovery agents.	Recovery agent's private key.

©Infineon Technologies AG