Trusted Infrastructure administrator privileges configure and manage a vSphere Trust Authority deployment.
These privileges determine who can perform configuration and management tasks for a vSphere Trust Authority deployment. See Prerequisites and Required Privileges for vSphere Trust Authority for more information about the Trust Authority roles and the TrustedAdmins group.
Privilege Name in the vSphere Client | Description | Required On | Privilege Name in the API |
---|---|---|---|
Configure Key Server Trust | Allows managing the Key Providers of the Key Provider Service. | Root vCenter Server | TrustedAdmin.ManageKMSTrust |
Configure Trust Authority Host TPM certificates | Allows creation and modification of the Attestation Service settings. | Root vCenter Server | TrustedAdmin.ConfigureHostCertificates |
Configure Trust Authority Host metadata | Allows editing the base images to be attested by the Attestation Service. | Root vCenter Server | TrustedAdmin.ConfigureHostMetadata |
Configure attesting SSO | Allows editing which hosts can be trusted by the Trust Authority Hosts. | Root vCenter Server | TrustedAdmin.ManageAttestingSSO |
Configure token conversion policy | Allows configuring the token conversion policy. | Root vCenter Server | TrustedAdmin.ConfigureTokenConversionPolicy |
List Trusted Infrastructure Hosts | Allows reading information regarding the Trusted Hosts and the Trust Authority Hosts. | Root vCenter Server | TrustedAdmin.ReadTrustedHosts |
List information about the STS | Allows exporting the Trusted Host details, so that they can be imported to the Trust Authority Cluster. | Root vCenter Server | TrustedAdmin.ReadStsInfo |
Manage Trusted Infrastructure Hosts | Allows editing the information regarding the Trusted Hosts and the Trust Authority Hosts. | Root vCenter Server | TrustedAdmin.ManageTrustedHosts |
Read Key Server Trust | Allows reading the Key Providers of the Key Provider Service. | Root vCenter Server | TrustedAdmin.ReadKMSTrust |
Read attesting SSO | Allows reading which hosts can be trusted by the Trust Authority Hosts. | Root vCenter Server | TrustedAdmin.ReadAttestingSSO |
Retrieve TPM Trust Authority Host certificates | Allows reading the settings of the Attestation Service. | Root vCenter Server | TrustedAdmin.RetrieveTPMHostCertificates |
Retrieve Trust Authority Host metadata | Allows reading which base images can be attested by the Attestation Service. | Root vCenter Server | TrustedAdmin.RetrieveHostMetadata |