Administrative Roles for Virtual Systems

A Superuser administrator can create virtual systems and add a Device administrator, vsysadmin, or vsysreader. A Device administrator can access all virtual systems, but cannot add administrators. When you create an Admin Role profile and select the role to be Virtual System, the role applies to specific virtual systems on the firewall. From the Command Line tab, the two types of virtual system administrative roles are:
  • vsysadmin—Has access to specific virtual systems on the firewall to create and manage specific aspects of virtual systems. A vsysadmin doesn’t have access to network interfaces, VLANs, virtual wires, virtual routers, IPSec tunnels, GRE tunnels, DHCP, DNS Proxy, QoS, LLDP, or network profiles. Persons with vsysadmin permission can commit configurations for only the virtual systems assigned to them.
  • vsysreader—Has read-only access to specific virtual systems on the firewall and specific aspects of virtual systems. A vsysreader doesn’t have access to network interfaces, VLANs, virtual wires, virtual routers, IPSec tunnels, GRE tunnels, DHCP, DNS Proxy, QoS, LLDP, or network profiles.
A virtual system administrator can view logs of only the virtual systems assigned to that administrator. A Superuser or Device administrator can view all of the logs, select a virtual system to view, or configure a virtual system as a User-ID hub.

Related Documentation