Configure an Admin Role Profile

Admin Role profiles enable you to define granular administrative access privileges to ensure protection for sensitive company information and privacy for end users.
As a best practice, create Admin Role profiles that allow administrators to access only the areas of the management interfaces that they need to access to perform their jobs.
  1. Select DeviceAdmin Roles and click Add.
  2. Enter a Name to identify the role.
  3. For the scope of the Role, select Device or Virtual System.
  4. In the Web UI and XML API tabs, click the icon for each functional area to toggle it to the desired setting: Enable, Read Only, or Disable. For details on the Web UI options, see Web Interface Access Privileges.
  5. Select the Command Line tab and select a CLI access option. The Role scope controls the available options:
    • Device role—superuser, superreader, deviceadmin, devicereader, or None
    • Virtual System role—vsysadmin, vsysreader, or None
  6. Click OK to save the profile.
  7. Assign the role to an administrator. See Configure a Firewall Administrator Account.

Related Documentation