>
    Configure an Admin Role Profile
    Focus
    Download PDF
    Focus
    1. Home
    2. PAN-OS
    3. Firewall Administration
    4. Manage Firewall Administrators
    5. Configure an Admin Role Profile
    Download PDF

    Configure an Admin Role Profile

    Table of Contents
    End-of-Life (EoL)

    Configure an Admin Role Profile

    Admin Role profiles enable you to define granular administrative access privileges to ensure protection for sensitive company information and privacy for end users.
    As a best practice, create Admin Role profiles that allow administrators to access only the areas of the management interfaces that they need to access to perform their jobs.
    1. Select DeviceAdmin Roles and click Add.
    2. Enter a Name to identify the role.
    3. For the scope of the Role, select Device or Virtual System.
    4. In the Web UI and REST API tabs, click the icon for each functional area to toggle it to the desired setting: Enable, Read Only or Disable. For the XML API tab select, Enable or Disable. For details on the Web UI options, see Web Interface Access Privileges.
    5. Select the Command Line tab and select a CLI access option. The Role scope controls the available options:
      • Device role—superuser, superreader, deviceadmin, devicereader, or None
      • Virtual System role—vsysadmin, vsysreader, or None
    6. Click OK to save the profile.
    7. Assign the role to an administrator. See Configure a Firewall Administrator Account.

    © 2024 Palo Alto Networks, Inc. All rights reserved.