: Manage Admin Roles and Access Domains from Panorama
Focus
Focus

Manage Admin Roles and Access Domains from Panorama

Table of Contents

Manage Admin Roles and Access Domains from Panorama

Best practices for role-based access control (RBAC) from the Panorama™ management server.
A key to successful configuration management in a dynamic environment is to be able to assign the appropriate privileges for your team members. Panorama provides extensive role-based access control (RBAC) that allows granular role definition. RBAC can be combined with access domains to facilitate segmenting access to managed firewalls. This helps reduce your attack surface and avoid accidental or malicious misuse of administrator privileges.
See the Best Practices for Security Administrative Access for more detailed information on properly controlling access to your Panorama and managed firewall configurations.
  • Define administrative roles to help administrators successfully manage firewalls without over-provisioning their access.
  • Create access domains for your Panorama administrators if you have multiple subsets of firewalls serving different purposes. For example, if you data center firewalls, perimeter firewalls, and branch firewalls are managed by different Panorama administrators configure and assign access domains that restrict access to only those firewalls that they manage.
  • Create device group and template admins to better control administrative access to managed firewalls within an access domain and admin role. This offers the most granular access that allows your team to do their job without causing operational issues.