Use Access Domains to define access for Device Group and Template administrators for specific device groups and templates, and also to control the ability of those administrators to switch context to the web interface of managed firewalls. Panorama supports up to 4,000 access domains.
Select Panorama > Access Domain and click Add.
Enter a Name to identify the access domain.
Select an access privilege for Shared Objects:
write—Administrators can perform all operations on Shared objects. This is the default value.
read—Administrators can display and clone but cannot perform other operations on Shared objects. When adding non-Shared objects or cloning Shared objects, the destination must be a device group within the access domain, not the Shared location.
shared-only—Administrators can add objects only to the Shared location. Administrators can display, edit, and delete Shared objects but cannot move or clone them. A consequence of this option is that administrators can’t perform any operations on non-Shared objects other than to display them. An example of why you might select this option is for an organization that requires all objects to be in a single, global repository.
Toggle the icons in the Device Groups tab to enable read-write or read-only access for device groups in the access domain.
If you set the Shared Objects access to shared-only, Panorama applies read-only access to the objects in any device groups for which you specify read-write access.
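
The following added example (not Palo Alto Networks code) reviews a list of access domains for two cases the text above describes: a Shared Objects privilege left at its default of write, and read-write device groups that become read-only under shared-only. The dictionary layout, field names and sample domains are assumptions constructed for the example, not Panorama's configuration schema.

```python
# Constructed model of access domains. The field names are assumptions made
# for this example; they are not Panorama's configuration schema.
MAX_ACCESS_DOMAINS = 4000  # limit stated in the text above
PRIVILEGES = ("write", "read", "shared-only")

SAMPLE_DOMAINS = [  # constructed sample data
    {"name": "branch-admins", "shared_objects": "read",
     "device_groups": {"DG-Branch": "read-write", "DG-HQ": "read-only"}},
    {"name": "global-repo", "shared_objects": "shared-only",
     "device_groups": {"DG-Branch": "read-write", "DG-HQ": "read-only"}},
    {"name": "legacy", "device_groups": {"DG-HQ": "read-write"}},
]


def effective_device_group_access(domain):
    """Device group access after the shared-only rule is applied."""
    shared = domain.get("shared_objects", "write")  # write is the default
    effective = {}
    for group, access in domain.get("device_groups", {}).items():
        if shared == "shared-only" and access == "read-write":
            access = "read-only"  # objects in the group become read-only
        effective[group] = access
    return effective


def review(domains):
    """Return (domain, code, detail) findings for a list of access domains."""
    findings = []
    if len(domains) > MAX_ACCESS_DOMAINS:
        findings.append(("*", "too-many-domains", str(len(domains))))
    for domain in domains:
        name = domain["name"]
        if "shared_objects" not in domain:
            findings.append((name, "default-write", "Shared Objects unset"))
        elif domain["shared_objects"] not in PRIVILEGES:
            findings.append((name, "unknown-privilege", domain["shared_objects"]))
        effective = effective_device_group_access(domain)
        for group, access in domain.get("device_groups", {}).items():
            if access != effective[group]:
                findings.append((name, "downgraded", group))
    return findings


if __name__ == "__main__":
    for finding in review(SAMPLE_DOMAINS):
        print(*finding, sep="\t")
```

A "downgraded" finding marks a device group where the configured read-write setting differs from the access administrators actually receive.
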
Select the Templates tab and Add each template you want to assign to the access domain.
Select the Device Context tab, select firewalls to assign to the access domain, and click OK.
Administrators can access the web interface of these firewalls by
using the