Use Access Domains to
define access for Device Group and Template administrators for specific
device groups and templates, and also to control the ability of
those administrators to switch context to the web interface of managed
firewalls. Panorama supports up to 4,000 access domains.
to identify the access
Select an access privilege for
perform all operations on Shared objects. This is the default value.
—Administrators can display and
clone but cannot perform other operations on Shared objects. When
adding non-Shared objects or cloning Shared objects, the destination
must be a device group within the access domain, not the Shared
—Administrators can add
objects only to the Shared location. Administrators can display,
edit, and delete Shared objects but cannot move or clone them.
A consequence of this option is that administrators
can’t perform any operations on non-Shared objects other than to
display them. An example of why you might select this option is
for an organization that requires all objects to be in a single,
Toggle the icons in the
to enable read-write or read-only access for device groups in the
If you set the
Panorama applies read-only access to the objects in any device groups
for which you specify read-write access.
template you want to assign to the access domain.
select firewalls to assign to the access domain, and click
Administrators can access the web interface of these firewalls by