Configure Administrative Access to Panorama
Focus
Focus
Panorama

Configure Administrative Access to Panorama

Table of Contents

Configure Administrative Access to Panorama

Use RBAC to define precise privileges and responsibilities for administrators.
Where Can I Use This?What Do I Need?
  • NGFW (Managed by Panorama)
  • Panorama superuser role
Panorama implements Role-Based Access Control (RBAC) to enable you to define precise privileges and responsibilities for administrators. The process begins by Configuring an Admin Role Profile. These profiles determine the type of system access available to an administrator, allowing you to define granular settings—such as read-write, read-only, or disabled access—for specific functional areas of the web interface, CLI, and XML API.
To reduce the risk of deployment errors, you can Configure an Admin Role Profile for Selective Push to Managed Firewalls. This helps administrators to push only specific configuration changes—either their own or those made by selected peers—preventing the accidental deployment of incomplete configurations that could disrupt network operations.
For administrators managing specific network segments, Configure an Access Domain. This controls access to specific Device Groups and Templates and governs the ability to switch contexts to the web interface of managed firewalls, ensuring administrators only impact their assigned functional or regional areas.
After roles and domains are defined, Configure Administrative Accounts and Authentication. You can manage accounts locally or integrate with external services such as RADIUS, TACACS+, SAML, or LDAP to handle authentication.
Next, you can Enable SCP Uploads for an Administrator, allowing Superusers to automate file transfers for updates via the CLI. Finally, for security and compliance, Configure Tracking of Administrator Activity to generate audit logs that record detailed navigation and command history for every session