Administrative Roles for Virtual Systems

A
Superuser
administrator can create virtual systems and add a
Device administrator
,
vsysadmin
, or
vsysreader
. A
Device administrator
can access all virtual systems, but cannot add administrators. When you create an Admin Role profile and select the role to be
Virtual System
, the role applies to specific virtual systems on the firewall. From the
Command Line
tab, the two types of virtual system administrative roles are:
  • vsysadmin
    —Has access to specific virtual systems on the firewall to create and manage specific aspects of virtual systems. A vsysadmin doesn’t have access to network interfaces, VLANs, virtual wires, virtual routers, IPSec tunnels, GRE tunnels, DHCP, DNS Proxy, QoS, LLDP, or network profiles. Persons with vsysadmin permission can commit configurations for only the virtual systems assigned to them.
  • vsysreader
    —Has read-only access to specific virtual systems on the firewall and specific aspects of virtual systems. A vsysreader doesn’t have access to network interfaces, VLANs, virtual wires, virtual routers, IPSec tunnels, GRE tunnels, DHCP, DNS Proxy, QoS, LLDP, or network profiles.
A virtual system administrator can view logs of only the virtual systems assigned to that administrator. A
Superuser
or
Device administrator
can view all of the logs, select a virtual system to view, or configure a virtual system as a User-ID hub.

Related Documentation