Configure Administrative Access to Panorama
Use RBAC to define precise privileges and responsibilities for
administrators.
| Where Can I Use This? | What Do I Need? |
- NGFW (Managed by Panorama)
|
|
Panorama implements
Role-Based Access Control (RBAC) to enable
you to define precise privileges and responsibilities for administrators. The process
begins by Configuring an Admin Role Profile. These profiles determine the type of system
access available to an administrator, allowing you to define granular settings—such as
read-write, read-only, or disabled access—for specific functional areas of the web
interface, CLI, and XML API.
To reduce the risk of deployment errors, you can Configure an Admin Role Profile for
Selective Push to Managed Firewalls. This helps administrators to push only specific
configuration changes—either their own or those made by selected peers—preventing the
accidental deployment of incomplete configurations that could disrupt network
operations.
For administrators managing specific network segments, Configure an Access Domain. This
controls access to specific Device Groups and Templates and governs the ability to
switch contexts to the web interface of managed firewalls, ensuring administrators only
impact their assigned functional or regional areas.
After roles and domains are defined, Configure Administrative Accounts and
Authentication. You can manage accounts locally or integrate with external services such
as RADIUS, TACACS+, SAML, or LDAP to handle authentication.
Next, you can Enable SCP Uploads for an Administrator, allowing Superusers to automate
file transfers for updates via the CLI. Finally, for security and compliance, Configure
Tracking of Administrator Activity to generate audit logs that record detailed
navigation and command history for every session