1. Home
    2. Panorama
    3. Panorama™ Administrator’s Guide
    4. Set Up Panorama
    5. Configure an Admin Role Profile
    Previous
    Next
    Admin Role profiles are custom Administrative Roles that enable you to define granular administrative access privileges to ensure protection for sensitive company information and privacy for end users. As a best practice, create Admin Role profiles that allow administrators to access only the areas of the management interfaces required to perform their jobs.
    Configure an Admin Role Profile
    Select Panorama > Admin Roles and click Add.
    Enter a Name for the profile and select the Role type: Panorama or Device Group and Template.
    Configure access privileges to each functional area of Panorama ( Web UI) and firewalls ( Context Switch UI) by toggling the icons to the desired setting: Enable (read-write), Read Only, or Disable. If administrators with custom roles will commit device group or template changes to managed firewalls, you must give those roles read-write access to Panorama > Device Groups and Panorama > Templates. If you upgrade from an earlier Panorama version, the upgrade process provides read-only access to those nodes. You cannot manage access to the firewall CLI or XML API through context-switching privileges in Panorama roles.
    If the Role type is Panorama, configure access to the XML API by toggling the Enabled/Disabled icon for each functional area.
    If the Role type is Panorama, select an access level for the Command Line interface: None (default), superuser, superreader, or panorama-admin.
    Click OK to save the profile.
    Previous
    Next

    Related Documentation

    © 2019 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo