Configure Administrative Access Per Virtual System or Firewall

If you have a superuser administrative account, you can create and configure granular permissions for a vsysadmin or device admin role.
  1. Create an Admin Role Profile that grants or disables permission to an Administrator to configure or read-only various areas of the web interface.
    1. Select
      Device
      Admin Roles
      and
      Add
      an
      Admin Role Profile
      .
    2. Enter a
      Name
      and optional
      Description
      of the profile.
    3. For
      Role
      , specify which level of control the profile affects:
      • Device
        —The profile allows the management of the global settings and any virtual systems.
      • Virtual System
        —The profile allows the management of only the virtual system(s) assigned to the administrator(s) who have this profile. (The administrator will be able to access
        Device
        Setup
        Services
        Virtual Systems
        , but not the
        Global
        tab.)
    4. On the
      Web UI
      tab for the Admin Role Profile, scroll down to
      Device
      , and leave the green check mark (Enable).
      • Under
        Device
        , enable
        Setup
        . Under
        Setup
        , enable the areas to which this profile will grant configuration permission to the administrator, as shown below. (The Read Only lock icon appears in the Enable/Disable rotation if Read Only is allowed for that setting.)
        • Management
          —Allows an admin with this profile to configure settings on the
          Management
          tab.
        • Operations
          —Allows an admin with this profile to configure settings on the
          Operations
          tab.
        • Services
          —Allows an admin with this profile to configure settings on the
          Services
          tab. An admin must have
          Services
          enabled in order to access the
          Device
          Setup Services
          Virtual Systems
          tab. If the
          Role
          was specified as
          Virtual System
          in the prior step,
          Services
          is the only setting that can be enabled under
          Device
          Setup
          .
        • Content-ID
          —Allows an admin with this profile to configure settings on the
          Content-ID
          tab.
        • WildFire
          —Allows an admin with this profile to configure settings on the
          WildFire
          tab.
        • Session
          —Allows an admin with this profile to configure settings on the
          Session
          tab.
        • HSM
          —Allows an admin with this profile to configure settings on the
          HSM
          tab.
    5. Click
      OK
      .
    6. (
      Optional
      ) Repeat the entire step to create another Admin Role profile with different permissions, as necessary.
  2. Apply the Admin role profile to an administrator.
    1. Select
      Device
      Administrators
      , click
      Add
      and enter the
      Name
      to add an Administrator.
    2. (
      Optional
      ) Select an
      Authentication Profile
      .
    3. (
      Optional
      ) Select
      Use only client certificate authentication (Web)
      to have bi-directional authentication; to get the server to authenticate the client.
    4. Enter a
      Password
      and
      Confirm Password
      .
    5. (
      Optional
      ) Select
      Use Public Key Authentication (SSH)
      if you want to use a much stronger, key-based authentication method using an SSH public key rather than just a password.
    6. For
      Administrator Type
      , select
      Role Based
      .
    7. For
      Profile
      , select the profile that you just created.
    8. (
      Optional
      ) Select a
      Password Profile
      .
    9. Click
      OK
      .
  3. Commit the configuration.
    Click
    Commit
    .

Related Documentation