Panorama > Admin Roles
Admin Role profiles are
custom roles that define the access privileges and responsibilities
of administrators. For example, the roles assigned to an administrator
control which reports he or she can generate and which device group
or template configurations the administrator can view or change.
For a Device Group and Template administrator, you can assign
a separate role to each access domain that is assigned to the administrative
account (see Panorama
> Access Domains). Mapping roles to access domains enables
you to achieve very granular control over the information that administrators
can access on Panorama. For example, consider a scenario where you
configure an access domain that includes all the device groups for
firewalls in your data centers and you assign that access domain
to an administrator who is allowed to monitor data center traffic
but who is not allowed to configure the firewalls. In this case,
you would map the access domain to a role that enables all monitoring
privileges but disables access to device group settings.
To create an Admin Role profile,
Add
a
profile and configure the settings as described in the following
table. If you use a RADIUS server to authenticate administrators, map the administrator roles and access domains
to RADIUS Vendor Specific Attributes (VSAs).
Panorama Administrator
Role Settings | Description |
---|---|
Name | Enter a name to identify this administrator
role (up to 31 characters). The name is case-sensitive, must be
unique and can contain only letters, numbers, spaces, hyphens, and
underscores. |
Description | ( Optional ) Enter a description
of the role. |
Role | |
Web UI | Select from the following options to set
the type of access permitted for specific features in the
Panorama context ( Web UI list ) and firewall
context ( Context Switch UI list ):
|
XML API ( Panorama role only ) | Select the type of XML API access ( Enable or Disable )
for Panorama and managed firewalls:
|
Command Line ( Panorama role only ) | Select the type of role for CLI access:
|
REST API ( Panorama role only ) | Select the type of access ( Enable , Read
Only , or Disable ) that applies
to each REST API endpoint for Panorama and managed firewalls. You
can assign role access to endpoints in the following categories.
|
Context Switch | |
Device Admin Role | Enter the device admin role name
to allow a Panorama administrator to context
switch between the Panorama and managed firewall web interface. |
Recommended For You
Recommended Videos
Recommended videos not found.