Role-based access control (RBAC) enables you to define
the privileges and responsibilities of administrative users (administrators).
Every administrator must have a user account that specifies a role
and authentication method.
Administrative Roles define access to specific configuration settings, logs, and reports
within Panorama and firewall contexts. For Device Group and Template
administrators, you can map roles to
Access Domains, which define access to specific device groups, templates, and
firewalls (through context switching). By combining each access
domain with a role, you can enforce the separation of information
among the functional or regional areas of your organization. For
example, you can limit an administrator to monitoring activities
for data center firewalls but allow that administrator to set policies
for test lab firewalls.

By default, every Panorama appliance (virtual
appliance or M-Series appliance) has a predefined administrative
account (admin) that provides full read-write access (superuser access)
to all functional areas and to all device groups, templates, and
firewalls.

For each administrator, you can define an authentication
profile that determines how Panorama verifies user access credentials.
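
The following added example (not Panorama code or its configuration format) models the pairing described above: a role grants privileges only inside the access domain it is combined with, so monitoring rights on data center firewalls and policy rights on test lab firewalls do not merge into policy rights everywhere. The class names, permission strings, firewall names and the "alice" account are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Illustrative model only: class names, permission strings and firewall names
# are assumptions for this example, not Panorama's configuration schema or API.

@dataclass(frozen=True)
class Role:
    name: str
    permissions: frozenset      # actions the role allows

@dataclass(frozen=True)
class AccessDomain:
    name: str
    firewalls: frozenset        # firewalls reachable in this domain

@dataclass
class Administrator:
    name: str
    superuser: bool = False
    grants: list = field(default_factory=list)   # (AccessDomain, Role) pairs

def is_allowed(admin, firewall, permission):
    """A role applies only inside the access domain it is paired with."""
    if admin.superuser:
        return True
    return any(firewall in domain.firewalls and permission in role.permissions
               for domain, role in admin.grants)

def who_can(admins, firewall, permission):
    """Audit helper: every account holding `permission` on `firewall`."""
    return sorted(a.name for a in admins if is_allowed(a, firewall, permission))

# Constructed sample data mirroring the data center / test lab example.
MONITOR = Role("monitor-only", frozenset({"monitor:read"}))
POLICY = Role("policy-editor", frozenset({"monitor:read", "policy:write"}))
DATACENTER = AccessDomain("datacenter", frozenset({"dc-fw-1", "dc-fw-2"}))
TESTLAB = AccessDomain("testlab", frozenset({"lab-fw-1"}))

ADMIN = Administrator("admin", superuser=True)   # predefined account
ALICE = Administrator("alice", grants=[(DATACENTER, MONITOR), (TESTLAB, POLICY)])
ADMINS = [ADMIN, ALICE]

if __name__ == "__main__":
    for fw in ("dc-fw-1", "lab-fw-1"):
        print(fw, "policy:write ->", who_can(ADMINS, fw, "policy:write"))
```

Running the audit helper over every firewall shows at a glance that the predefined admin account holds write access everywhere, which is the baseline any separation-of-duties review has to account for.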