>
    Strata Copilot
    Configure an Admin Role Profile (Strata Cloud Manager)
    Focus
    Download PDF
    Focus
    1. Home
    2. Next-Generation Firewall
    3. Firewall Administration
    4. Manage Firewall Administrators
    5. Configure an Admin Role Profile
    6. Configure an Admin Role Profile (Strata Cloud Manager)
    Download PDF
    Next-Generation Firewall

    Configure an Admin Role Profile (Strata Cloud Manager)

    Table of Contents

    Configure an Admin Role Profile (Strata Cloud Manager)

    In Strata Cloud Manager, you can create and customize admin role profiles to define granular access permissions. You can control which parts of the firewall configuration an administrator can manage across the web UI, REST API, XML API, and command line interfaces.
    1. Select Device SettingsAdmin Roles and click Add Admin Role.
    2. Enter a Name to identify the role.
    3. In the Web UI and REST API tabs, select the required feature to toggle it to the desired setting: Enable, Read Only or Disable. For the XML API tab select, Enable or Disable. For details on the Web UI options, see Web Interface Access Privileges.
    4. Select the Command Line tab and select a CLI access option.
      • None—CLI access is not permitted (default).
      • superuser—Full access. Can define new administrator accounts and virtual systems. Only a superuser can create administrator users with superuser privileges.
      • superreader—Full read-only access.
      • deviceadmin—Full access to all settings except defining new accounts or virtual systems.
      • devicereader—Read-only access to all settings except password profiles (no access) and administrator accounts (only the logged in account is visible).
    5. Click OK to save the profile.
    6. Assign the role to an administrator. See Configure a Firewall Administrator Account.

    © 2026 Palo Alto Networks, Inc. All rights reserved.