Learn about the various user roles and how to invite users to a Cloud NGFW for AWS
As a Tenant Admin, you can invite additional
users to help manage your Cloud NGFW deployment. You can then place
these new users into the roles necessary for their level of access.
When you invite a user to the Cloud NGFW tenant, by specifying the
user’s email address and assigning one or more Cloud NGFW roles,
the Cloud NGFW tenant sends the user an email that includes a registration
link and temporary password. After logging in for the first time,
the new user will be prompted to create a new password. Until the
invited user has accepted the invitation and logged in to the tenant,
the invitation is considering pending.
Cloud NGFW Role
Add AWS Accounts.
Invite users and assign roles.
Read all firewall resources and its settings.
Read all global and local rulestacks.
Read all tenant users and tenant settings.
Global Firewall Admin
Create global and local rulestacks.
Global Rulestack Admin
Create a global rulestack.
Local Firewall Admin
Associate local rulestack with NGFWs
firewall administrators can only create NGFWs and associate rulestacks
within a specified AWS account.
Local Rulestack Admin
Create local rulestacks.
Associate local rulestacks with NGFWs
Local Rulestack Admin has an account ID associated with it. This
allows local rulestacks created by that admin with NGFWs in the
The email address domain of users invited
by the tenant admin must match the email address domain of the tenant
admin’s login credentials.