Define Access to the Web Interface Tabs

The following table describes the top-level access privileges you can assign to an admin role profile (
Device
Admin Roles
). You can enable, disable, or define read-only access privileges at the top-level tabs in the web interface.
Access Level
Description
Enable
Read Only
Disable
Dashboard
Controls access to the
Dashboard
tab. If you disable this privilege, the administrator will not see the tab and will not have access to any of the Dashboard widgets.
Yes
No
Yes
ACC
Controls access to the Application Command Center (ACC). If you disable this privilege, the
ACC
tab will not display in the web interface. Keep in mind that if you want to protect the privacy of your users while still providing access to the ACC, you can disable the
Privacy
Show Full IP Addresses
option and/or the
Show User Names In Logs And Reports
option.
Yes
No
Yes
Monitor
Controls access to the
Monitor
tab. If you disable this privilege, the administrator will not see the
Monitor
tab and will not have access to any of the logs, packet captures, session information, reports or to App Scope. For more granular control over what monitoring information the administrator can see, leave the Monitor option enabled and then enable or disable specific nodes on the tab as described in Provide Granular Access to the Monitor Tab.
Yes
No
Yes
Policies
Controls access to the
Policies
tab. If you disable this privilege, the administrator will not see the
Policies
tab and will not have access to any policy information. For more granular control over what policy information the administrator can see, for example to enable access to a specific type of policy or to enable read-only access to policy information, leave the
Policies
option enabled and then enable or disable specific nodes on the tab as described in Provide Granular Access to the Policy Tab.
Yes
No
Yes
Objects
Controls access to the
Objects
tab. If you disable this privilege, the administrator will not see the
Objects
tab and will not have access to any objects, security profiles, log forwarding profiles, decryption profiles, or schedules. For more granular control over what objects the administrator can see, leave the
Objects
option enabled and then enable or disable specific nodes on the tab as described in Provide Granular Access to the Objects Tab.
Yes
No
Yes
Network
Controls access to the
Network
tab. If you disable this privilege, the administrator will not see the
Network
tab and will not have access to any interface, zone, VLAN, virtual wire, virtual router, IPsec tunnel, DHCP, DNS Proxy, GlobalProtect, or QoS configuration information or to the network profiles. For more granular control over what objects the administrator can see, leave the
Network
option enabled and then enable or disable specific nodes on the tab as described in Provide Granular Access to the Network Tab.
Yes
No
Yes
Device
Controls access to the
Device
tab. If you disable this privilege, the administrator will not see the
Device
tab and will not have access to any firewall-wide configuration information, such as User-ID, high availability, server profile or certificate configuration information. For more granular control over what objects the administrator can see, leave the
Objects
option enabled and then enable or disable specific nodes on the tab as described in Provide Granular Access to the Device Tab.
You cannot enable access to the
Admin Roles
or
Administrators
nodes for a role-based administrator even if you enable full access to the
Device
tab.
Yes
No
Yes

Related Documentation