Configure an Admin Role Profile

Admin Role profiles are custom Administrative Roles that enable you to define granular administrative access privileges to ensure protection for sensitive company information and privacy for end users. As a best practice, create Admin Role profiles that allow administrators to access only the areas of the management interfaces required to perform their jobs.
  1. Select PanoramaAdmin Roles and click Add.
  2. Enter a Name for the profile and select the Role type: Panorama or Device Group and Template.
  3. Configure access privileges to each functional area of Panorama (Web UI) and firewalls (Context Switch UI) by toggling the icons to the desired setting: Enable (read-write), Read Only, or Disable.
    If administrators with custom roles will commit device group or template changes to managed firewalls, you must give those roles read-write access to PanoramaDevice Groups and PanoramaTemplates. If you upgrade from an earlier Panorama version, the upgrade process provides read-only access to those nodes.
    You cannot manage access to the firewall CLI or XML API through context-switching privileges in Panorama roles.
  4. If the Role type is Panorama, configure access to the XML API by toggling the Enabled/Disabled icon for each functional area.
  5. If the Role type is Panorama, select an access level for the Command Line interface: None (default), superuser, superreader, or panorama-admin.
  6. Click OK to save the profile.

Related Documentation