Configure an Admin Role Profile

Admin Role profiles enable you to define granular administrative access privileges to ensure protection for sensitive company information and privacy for end users.
As a best practice, create Admin Role profiles that allow administrators to access only the areas of the management interfaces that they need to access to perform their jobs.
  1. Select
    Device
    Admin Roles
    and click
    Add
    .
  2. Enter a
    Name
    to identify the role.
  3. For the scope of the
    Role
    , select
    Device
    or
    Virtual System
    .
  4. In the
    Web UI
    and
    XML API
    tabs, click the icon for each functional area to toggle it to the desired setting: Enable, Read Only, or Disable. For details on the
    Web UI
    options, see Web Interface Access Privileges.
  5. Select the
    Command Line
    tab and select a CLI access option. The
    Role
    scope controls the available options:
    • Device
      role—
      superuser
      ,
      superreader
      ,
      deviceadmin
      ,
      devicereader
      , or
      None
    • Virtual System
      role—
      vsysadmin
      ,
      vsysreader
      , or
      None
  6. Click
    OK
    to save the profile.
  7. Assign the role to an administrator. See Configure a Firewall Administrator Account.

Related Documentation