Best practices for role-based access control (RBAC) from the Panorama™ management server.
A key to successful configuration management in a dynamic environment is assigning the appropriate privileges to your team members. Panorama provides extensive role-based access control (RBAC) that allows granular role definition. RBAC can be combined with access domains to segment access to managed firewalls. This helps reduce your attack surface and avoid accidental or malicious misuse of administrator privileges.
Define administrative roles to help administrators successfully manage firewalls without over-provisioning their access.
Create access domains for your Panorama administrators if you have multiple subsets of firewalls serving different purposes. For example, if your data center firewalls, perimeter firewalls, and branch firewalls are managed by different Panorama administrators, configure and assign access domains that restrict access to only those firewalls that they manage.
Create device group and template admins to better control administrative access to managed firewalls within an access domain and admin role. This offers the most granular access that allows your team to do their job without causing operational issues.