Panorama > Admin Roles
Admin Role profiles are custom roles that define the access privileges and responsibilities of administrators. For example, the roles assigned to an administrator control which reports he or she can generate and which device group or template configurations the administrator can view or change.
For a Device Group and Template administrator, you can assign a separate role to each access domain that is assigned to the administrative account (see Panorama > Access Domains). Mapping roles to access domains enables you to achieve very granular control over the information that administrators can access on Panorama. For example, consider a scenario where you configure an access domain that includes all the device groups for firewalls in your data centers and you assign that access domain to an administrator who is allowed to monitor data center traffic but who is not allowed to configure the firewalls. In this case, you would map the access domain to a role that enables all monitoring privileges but disables access to device group settings.
To create an Admin Role profile, Add a profile and configure the settings as described in the following table.
If you use a RADIUS server to authenticate administrators, map the administrator roles and access domains to RADIUS Vendor Specific Attributes (VSAs).
Panorama Administrator Role Settings
Enter a name to identify this administrator role (up to 31 characters). The name is case-sensitive, must be unique and can contain only letters, numbers, spaces, hyphens, and underscores.
(Optional) Enter a description of the role.
Select the scope of administrative responsibility: Panorama or Device Group and Template.
Select from the following options to set the type of access permitted for specific features in the Panorama context (Web UI list) and firewall context (Context Switch UI list):
(Panorama role only)
Select the type of XML API access (Enable, Read Only, or Disable) for Panorama and managed firewalls:
(Panorama role only)
Select the type of role for CLI access:
Panorama > Administrators
Panorama > Administrators Select Panorama Administrators to create and manage accounts for Panorama administrators. If you log in to Panorama as an administrator with a ...
Administrative Roles You configure administrator accounts based on the security requirements of your organization, any existing authentication services that your network uses, and the required ...
Configure a Panorama Administrator Account
Configure a Panorama Administrator Account Administrative accounts specify Administrative Roles and authentication for Panorama administrators. The service that you use to assign roles and perform ...
Access Domains Access domains control administrative access to specific Device Groups and templates Overview of template and template stack configuration functionality. , and also control ...
Role-Based Access Control
Role-Based Access Control Role-based access control (RBAC) enables you to define the privileges and responsibilities of administrative users (administrators). Every administrator must have a user ...
Configure an Admin Role Profile
Configure an Admin Role Profile Admin Role profiles are custom Administrative Roles that enable you to define granular administrative access privileges to ensure protection for ...
Use the Panorama Web Interface
Use the Panorama Web Interface The web interface on both Panorama and the firewall has the same look and feel. However, the Panorama web interface ...
Reference: Web Interface Administrator Access
Reference: Web Interface Administrator Access You can configure privileges for an entire firewall or for one or more virtual systems (on platforms that support multiple ...
Configure Local or External Authentication for Panorama Adm...
Configure Local or External Authentication for Panorama Administrators You can use an external authentication service or the service that is local to Panorama to authenticate ...