Configure an Admin Role Profile

Admin Role profiles are custom Administrative Roles that enable you to define granular administrative access privileges to ensure protection for sensitive company information and privacy for end users. As a best practice, create Admin Role profiles that allow administrators to access only the areas of the management interfaces required to perform their jobs.
  1. Select
    Panorama
    Admin Roles
    and click
    Add
    .
  2. Enter a
    Name
    for the profile and select the
    Role
    type:
    Panorama
    or
    Device Group and Template
    .
  3. Configure access privileges to each functional area of Panorama (
    Web UI
    ) and firewalls (
    Context Switch UI
    ) by toggling the icons to the desired setting: Enable (read-write), Read Only, or Disable.
    If administrators with custom roles will commit device group or template changes to managed firewalls, you must give those roles read-write access to
    Panorama
    Device Groups
    and
    Panorama
    Templates
    . If you upgrade from an earlier Panorama version, the upgrade process provides read-only access to those nodes.
    You cannot manage access to the firewall CLI or XML API through context-switching privileges in Panorama roles.
  4. If the
    Role
    type is
    Panorama
    , configure access to the
    XML API
    by toggling the Enabled/Disabled icon for each functional area.
  5. If the
    Role
    type is
    Panorama
    , select an access level for the
    Command Line
    interface:
    None
    (default),
    superuser
    ,
    superreader
    , or
    panorama-admin
    .
  6. Click
    OK
    to save the profile.

Related Documentation