1. Home
    2. Panorama
    3. Panorama™ Administrator’s Guide
    4. Set Up Panorama
    5. Configure an Admin Role Profile
    Previous
    Next
    Admin Role profiles are custom Administrative Roles that enable you to define granular administrative access privileges to ensure protection for sensitive company information and privacy for end users. As a best practice, create Admin Role profiles that allow administrators to access only the areas of the management interfaces required to perform their jobs.
    Configure an Admin Role Profile
    Select Panorama > Admin Roles and click Add.
    Enter a Name for the profile and select the Role type: Panorama or Device Group and Template.
    Configure access privileges to each functional area of Panorama ( Web UI) and firewalls ( Context Switch UI) by toggling the icons to the desired setting: Enable (read-write), Read Only, or Disable. If administrators with custom roles will commit device group or template changes to managed firewalls, you must give those roles read-write access to Panorama > Device Groups and Panorama > Templates. If you upgrade from an earlier Panorama version, the upgrade process provides read-only access to those nodes. You cannot manage access to the firewall CLI or XML API through context-switching privileges in Panorama roles.
    If the Role type is Panorama, configure access to the XML API by toggling the Enabled/Disabled icon for each functional area.
    If the Role type is Panorama, select an access level for the Command Line interface: None (default), superuser, superreader, or panorama-admin.
    Click OK to save the profile.
    Previous
    Next

    Related Documentation

    Administrative Roles

    Administrative Roles A role defines the type of access that an administrator has to the firewall. Administrative Role Types Configure an Admin Role Profile Administrative ...

    Role-Based Access Control

    Role-Based Access Control Role-based access control (RBAC) enables you to define the privileges and responsibilities of administrative users (administrators). Every administrator must have a user ...

    Panorama > Admin Roles

    Panorama > Admin Roles Admin Role profiles are custom roles that define the access privileges and responsibilities of administrators. For Device Group and Template administrators, ...

    Reference: Web Interface Administrator Access

    Reference: Web Interface Administrator Access You can configure privileges for an entire firewall or for one or more virtual systems (on platforms that support multiple ...

    Configure an Administrative Account

    Configure an Administrative Account Administrative accounts specify Administrative Roles , Administrative Authentication methods, and Access Domains for Panorama administrators. You can’t add an administrator account ...

    Give Administrators Access to the CLI

    Give Administrators Access to the CLI Administrative accounts specify roles and authentication methods for the administrators of Palo Alto Networks firewalls. Every Palo Alto Networks ...

    Role Privileges for Commit Types

    Role Privileges for Commit Types For custom Panorama administrator roles, you can now assign commit privileges by type (Panorama, device group, template, or Collector Group) ...

    Device > Admin Roles

    Device > Admin Roles Select Device > Admin Roles to define Admin Role profiles, which are custom roles that determine the access privileges and responsibilities ...

    Panorama > Administrators

    Panorama > Administrators Panorama administrative accounts define administrator role and authentication parameters . To unlock a locked account, click the lock in the Locked User ...

    Set Up Administrative Access to Panorama

    Set Up Administrative Access to Panorama Panorama implements Role-Based Access Control (RBAC) to enable you to specify the privileges and responsibilities of administrators. The following ...

    © 2019 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo