============ User Roles ============ .. image:: ZTPKIScreenshots/ZTPKI-AddAccountRole.png Your ZTPKI Account has five roles available: * Account Admin The Account Admin is the "super user" for your account. This role is used to manage other user roles, add organizations as well as day-to-day activities like generating certificates and approving certificates entered by **Requestors**. * Account Auditor The Account Auditor is a read-only role that allows the holder to see all of the certificates, logs and other configuration details of your Account. This role does not have rights to perform any actions other than viewing the Account. * Organization Admin The Organization Admin role is for day-to-day activities like generating certificates and approving certificates entered by **Requestors** for one or more Organizations under your **Account**. * Organization Auditor The Organization Auditor is a read-only role that allows the holder to see all of the certificates, logs and other configuration details of and *Organization* under your Account. This role does not have rights to perform any actions other than viewing the assigned Organization(s). * Requestor The Requestor can *request* certificates for an Organization but each request must be *approved* by an **Organization Admin** or higher role. Adding Users ^^^^^^^^^^^^^^^ The Users screen provides for the creation and management of authorized users of your Account. .. image:: ZTPKIScreenshots/Users.png You can add users and assign a role by clicking the **Invite Users** button: .. image:: ZTPKIScreenshots/User-InviteUser.png To add the **Account**-level roles of Account Admin or Account Auditor, select just your Account name. DO NOT SELECT AN ORGANIZATION: .. image:: ZTPKIScreenshots/Users-InviteAcctRole.png then select the desired role: .. image:: ZTPKIScreenshots/Users-InviteAcctRoleChoice.png For **Organization**-level roles, select your Account and Organization: .. image:: ZTPKIScreenshots/Users-InviteOrgRoleChoice.png Once you've completed adding a user, you'll need to send them the link to the ZTPKI login page.