1. Home
    2. Panorama
    3. Panorama™ Administrator’s Guide
    4. Set Up Panorama
    5. Configure an Admin Role Profile
    Previous
    Next
    Admin Role profiles are custom Administrative Roles that enable you to define granular administrative access privileges to ensure protection for sensitive company information and privacy for end users. As a best practice, create Admin Role profiles that allow administrators to access only the areas of the management interfaces required to perform their jobs.
    Configure an Admin Role Profile
    Select Panorama > Admin Roles and click Add.
    Enter a Name for the profile and select the Role type: Panorama or Device Group and Template.
    Configure access privileges to each functional area of Panorama ( Web UI) and firewalls ( Context Switch UI) by toggling the icons to the desired setting: Enable (read-write), Read Only, or Disable. If administrators with custom roles will commit device group or template changes to managed firewalls, you must give those roles read-write access to Panorama > Device Groups and Panorama > Templates. If you upgrade from an earlier Panorama version, the upgrade process provides read-only access to those nodes. You cannot manage access to the firewall CLI or XML API through context-switching privileges in Panorama roles.
    If the Role type is Panorama, configure access to the XML API by toggling the Enabled/Disabled icon for each functional area.
    If the Role type is Panorama, select an access level for the Command Line interface: None (default), superuser, superreader, or panorama-admin.
    Click OK to save the profile.
    Previous
    Next

    Related Documentation

    Role-Based Access Control

    Role-Based Access Control Role-based access control (RBAC) enables you to define the privileges and responsibilities of administrative users (administrators). Every administrator must have a user ...

    Panorama > Admin Roles

    Panorama > Admin Roles Admin Role profiles are custom roles that define the access privileges and responsibilities of administrators. For Device Group and Template administrators, ...

    Configure an Administrative Account

    Configure an Administrative Account Administrative accounts specify Administrative Roles , Administrative Authentication methods, and Access Domains for Panorama administrators. You can’t add an administrator account ...

    Device > Admin Roles

    Device > Admin Roles Select Device > Admin Roles to define Admin Role profiles, which are custom roles that determine the access privileges and responsibilities ...

    Give Administrators Access to the CLI

    Give Administrators Access to the CLI Administrative accounts specify roles and authentication methods for the administrators of Palo Alto Networks firewalls. Every Palo Alto Networks ...

    Role Privileges for Commit Types

    Role Privileges for Commit Types For custom Panorama administrator roles, you can now (Panorama, device group, template, or Collector Group) instead of assigning one comprehensive ...

    Panorama > Administrators

    Panorama > Administrators Panorama administrative accounts define administrator role and authentication parameters . To unlock a locked account, click the lock in the Locked User ...

    Set Up Administrative Access to Panorama

    Set Up Administrative Access to Panorama Panorama implements Role-Based Access Control (RBAC) to enable you to specify the privileges and responsibilities of administrators. The following ...

    Enable API Access

    Enable API Access The API supports the following types of Administrators and Admin roles: Dynamic roles: Superuser, Superuser (readonly), Device admin, Device admin (readonly), Vsys ...

    Device > Administrators

    Device > Administrators Administrator accounts control access to firewalls and Panorama. A firewall administrator can have full or read-only access to a single firewall or ...

    © 2019 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo