Define Access to the Web Interface Tabs

The following table describes the top-level access privileges you can assign to an admin role profile (DeviceAdmin Roles). You can enable, disable, or define read-only access privileges at the top-level tabs in the web interface.
Access Level
Description
Enable
Read Only
Disable
Dashboard
Controls access to the Dashboard tab. If you disable this privilege, the administrator will not see the tab and will not have access to any of the Dashboard widgets.
Yes
No
Yes
ACC
Controls access to the Application Command Center (ACC). If you disable this privilege, the ACC tab will not display in the web interface. Keep in mind that if you want to protect the privacy of your users while still providing access to the ACC, you can disable the PrivacyShow Full IP Addresses option and/or the Show User Names In Logs And Reports option.
Yes
No
Yes
Monitor
Controls access to the Monitor tab. If you disable this privilege, the administrator will not see the Monitor tab and will not have access to any of the logs, packet captures, session information, reports or to App Scope. For more granular control over what monitoring information the administrator can see, leave the Monitor option enabled and then enable or disable specific nodes on the tab as described in Provide Granular Access to the Monitor Tab.
Yes
No
Yes
Policies
Controls access to the Policies tab. If you disable this privilege, the administrator will not see the Policies tab and will not have access to any policy information. For more granular control over what policy information the administrator can see, for example to enable access to a specific type of policy or to enable read-only access to policy information, leave the Policies option enabled and then enable or disable specific nodes on the tab as described in Provide Granular Access to the Policy Tab.
Yes
No
Yes
Objects
Controls access to the Objects tab. If you disable this privilege, the administrator will not see the Objects tab and will not have access to any objects, security profiles, log forwarding profiles, decryption profiles, or schedules. For more granular control over what objects the administrator can see, leave the Objects option enabled and then enable or disable specific nodes on the tab as described in Provide Granular Access to the Objects Tab.
Yes
No
Yes
Network
Controls access to the Network tab. If you disable this privilege, the administrator will not see the Network tab and will not have access to any interface, zone, VLAN, virtual wire, virtual router, IPsec tunnel, DHCP, DNS Proxy, GlobalProtect, or QoS configuration information or to the network profiles. For more granular control over what objects the administrator can see, leave the Network option enabled and then enable or disable specific nodes on the tab as described in Provide Granular Access to the Network Tab.
Yes
No
Yes
Device
Controls access to the Device tab. If you disable this privilege, the administrator will not see the Device tab and will not have access to any firewall-wide configuration information, such as User-ID, high availability, server profile or certificate configuration information. For more granular control over what objects the administrator can see, leave the Objects option enabled and then enable or disable specific nodes on the tab as described in Provide Granular Access to the Device Tab.
You cannot enable access to the Admin Roles or Administrators nodes for a role-based administrator even if you enable full access to the Device tab.
Yes
No
Yes

Related Documentation