Administrative Roles for Virtual Systems

A superuser administrator can create virtual systems and add a Device Administrator, vsysadmin, or vsysreader. A Device Administrator can access all virtual systems, but cannot add administrators. The two types of virtual system administrative roles are:
  • vsysadmin—Has access to specific virtual systems on the firewall to create and manage specific aspects of virtual systems. A vsysadmin doesn’t have access to network interfaces, VLANs, virtual wires, virtual routers, IPSec tunnels, DHCP, DNS Proxy, QoS, LLDP, or network profiles. Persons with vsysadmin permission can commit configurations for only the virtual systems assigned to them.
  • vsysreader—Has read-only access to specific virtual systems on the firewall and specific aspects of virtual systems. A vsysreader doesn’t have access to network interfaces, VLANs, virtual wires, virtual routers, IPSec tunnels, DHCP, DNS Proxy, QoS, LLDP, or network profiles.
A virtual system administrator can view logs of only the virtual systems assigned to that administrator. Someone with superuser or Device Admin permission can view all of the logs or select a virtual system to view.

Related Documentation