Device > Admin Roles
Select to define Admin
Role profiles, which are custom roles that determine the access
privileges and responsibilities of administrative users. You assign Admin Role profiles or dynamic roles
when you create
administrative accounts (Device>Administrators).
Device
Admin Roles

To define Admin Role profiles for Panorama administrators,
see Panorama > Admin
Roles.
The firewall has three predefined roles you can use for common
criteria purposes. You first use the superuser role for initial
firewall configuration and to create the administrator accounts
for the Security Administrator, Audit Administrator, and Cryptographic
Administrator. After you create these accounts and apply the proper common
criteria Admin Roles, you then log in using those accounts. The
default superuser account in Federal Information Processing Standard
(FIPS)/Common Criteria (CC) FIPS-CC mode is
admin
and the
default password is paloalto
. In standard operating mode,
the default admin
password is admin
. The predefined
Admin Roles were created where there is no overlap in capabilities,
except that all have read-only access to the audit trail (except
audit administrator with full read/delete access. These admin roles
cannot be modified and are defined as follows:- auditadmin—The Audit Administrator is responsible for the regular review of the firewall’s audit data.
- cryptoadmin—The Cryptographic Administrator is responsible for the configuration and maintenance of cryptographic elements related to the establishment of secure connections to the firewall.
- securityadmin—The Security Administrator is responsible for all other administrative tasks (such as creating Security policy) not addressed by the other two administrative roles.
To add an Admin Role profile, click
Add
and
specify the settings described in the following table.Create custom roles to limit administrator
access to only what each type of administrator needs. For each type
of administrator, enable, disable, or set read-only access for
Web
UI
, XML API
, Command
Line
, and REST API
access.Administrator
Role Settings | |
---|---|
Name | Enter a name to identify this administrator
role (up to 31 characters). The name is case-sensitive and must
be unique. Use only letters, numbers, spaces, hyphens, and underscores. |
Description | ( Optional ) Enter a description
for the role (up to 255 characters). |
Role | Select the scope of administrative responsibility:
|
WebUI | Click the icons for specific web interface features
![]()
|
XML API | Click the icons for specific XML API
![]() Enable or Disable ). |
Command Line | Select the type of role for CLI access.
The default is None , which means access to
the CLI is not permitted. The other options vary by Role scope:
|
REST API | Click the icons for specific REST API
![]() Enable , Read
Only , or Disable ). |
Recommended For You
Recommended Videos
Recommended videos not found.