15.2 Setting up permissions for key recovery

You can control access to the key recovery features using the Edit Roles workflow.

Note: As well as the permissions that grant access to the key recovery operations, you must grant permissions to use the embedded reports for device and certificate selection.

To set permissions for key recovery operations:

  1. In the MyID Operator Client, from the More category, select Configuration Settings > Edit Roles.

    Alternatively, in MyID Desktop, from the Configuration category, select the Edit Roles workflow.

    The Edit Roles workflow appears in MyID Desktop. See the Roles section in the Administration Guide for details of using this workflow.

  2. To request key recovery to an issued device, set the following permissions:

    • Reports > Certificates To Recover To Device

    • Reports > Devices To Recover

    • Certificates > Recover Certificates

    Note: The cardholder or operator who collects the updates to the issued device must also have the appropriate permissions in the Cards category; for example:

    • Collect Updates

    • Collect My Updates

  3. To request key recovery to a new device, set the following permissions:

    • Cards > Recover Certificates To New Device

    • Reports > Certificates To Recover

    • Certificates > View Certificate

    Note: The cardholder or operator who validates or collects the new key recovery card must also have the appropriate permissions in the Cards category; for example:

    • Collect Card

    • Collect Soft Certificate

    • Validate Request

  4. To request a self-service key recovery to an existing device using the My Devices option on the MyID Operator Client self-service menu, set the following permission:

    • Reports > My Devices

  5. Click Save Changes.

If you want users to be able to request key recovery to a new device, you must also set the Allow self requests configuration option on the Self-Service page of the Security Settings workflow. Setting this option enables the Recover Certificates To New Device and Recover Certificates To Issued Device options on the View Person screen for your own user account. Note, however, that the Recover Certificates To This Device option on the View Device screen for your own devices is unaffected by this configuration option, so you can still recover certificates to an existing device.