0% found this document useful (0 votes)
12 views

Configure an Admin Role Profile

The document is a guide for configuring Admin Role profiles in Panorama, which allows for granular administrative access to protect sensitive information. It outlines the steps for creating and managing these profiles, including selecting templates, defining access levels, and enabling context switching between Panorama and managed firewalls. Best practices recommend limiting access to only necessary areas for administrators to enhance security.

Uploaded by

bibist
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
0% found this document useful (0 votes)
12 views

Configure an Admin Role Profile

The document is a guide for configuring Admin Role profiles in Panorama, which allows for granular administrative access to protect sensitive information. It outlines the steps for creating and managing these profiles, including selecting templates, defining access levels, and enabling context switching between Panorama and managed firewalls. Best practices recommend limiting access to only necessary areas for administrators to enhance security.

Uploaded by

bibist
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 2

(/content/techdocs/en_US.

html)

Updated on Thu Mar 13 20:26:10 UTC 2025

Home (/) | Panorama (/content/techdocs/en_US/panorama.html)


| Panorama Administrator's Guide (/content/techdocs/en_US/panorama/10-1/panorama-admin.html)
| Set Up Panorama (/content/techdocs/en_US/panorama/10-1/panorama-admin/set-up-panorama.html)
| Set Up Administrative Access to Panorama (/content/techdocs/en_US/panorama/10-1/panorama-admin/set-up-panorama/set-up-
administrative-access-to-panorama.html)
| Configure an Admin Role Profile (/content/techdocs/en_US/panorama/10-1/panorama-admin/set-up-panorama/set-up-administrative-
access-to-panorama/configure-an-admin-role-profile.html)

DOWNLOAD PDF (/CONTENT/DAM/TECHDOCS/EN_US/PDF/PANORAMA/10-1/PANORAMA-ADMIN/PANORAMA-


ADMIN.PDF)

Panorama Administrator's Guide


(/content/techdocs/en_US/panorama/10-
1/panorama-admin.html)
Configure an Admin Role Profile

Table of Contents

Admin Role profiles are custom Administrative Roles (/content/techdocs/en_US/panorama/10-1/panorama-


admin/panorama-overview/role-based-access-control/administrative-roles.html#id93822266-c46a-482c-a128-
ee3c0e89b4a4) that enable you to define granular administrative access privileges to ensure protection for sensitive
company information and privacy for end users. As a best practice, create Admin Role profiles that allow administrators to
access only the areas of the management interfaces required to perform their jobs.

STEP 1 -
Select Device > Admin Roles and select the Template in which to configure a firewall admin role profile
(https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-admin/firewall-administration/manage-firewall-
administrators/configure-an-admin-role-profile.html).

You must create an Admin Role profile on the firewall and assign it to the Panorama management server Admin
Role profile to allow administrators to context switch (/content/techdocs/en_US/panorama/10-1/panorama-
admin/panorama-overview/centralized-firewall-configuration-and-update-management/context-
switchfirewall-or-panorama.html#id44fd7efe-a4b1-4e9e-8ec9-9bafb2c3fa63) between Panorama and
managed firewall web interfaces.

STEP 2 -
Select Panorama > Admin Roles and click Add.

STEP 3 -
Enter a Name for the profile and select the Role type: Panorama or Device Group and Template.

This site usesSTEP


cookies4essential
- to its operation, for analytics, and for personalized content and ads. By
continuing toConfigure
browse thisaccess
site, you acknowledge
privileges the use
to each of cookies.
functional Privacy
area statement ❯ Cookie Settings
(https://docs.paloaltonetworks.com/pan-os/10-1/pan-os-
(https://www.paloaltonetworks.com/legal-notices/privacy)
admin/firewall-administration/reference-web-interface-administrator-access) of Panorama (Web UI) by
toggling the icons to the desired setting: Enable (read-write), Read Only, or Disable.

If administrators with custom roles will commit device group or template changes to man-
aged firewalls, you must give those roles read-write access to Panorama > Device Groups
and Panorama > Templates. If you upgrade from an earlier Panorama version, the upgrade
process provides read-only access to those nodes.

STEP 5 -
If the Role type is Panorama, configure access to the XML API by toggling the Enabled/Disabled icon for each
functional area.

STEP 6 -
If the Role type is Panorama, select an access level for the Command Line interface: None (default), superuser,
superreader, or panorama-admin.

STEP 7 -
( Optional ) To allow Panorama administrators to Context Switch between the Panorama and firewall web
interface, enter the name of Device Admin Role you configured in Step 1.

STEP 8 -
Click OK to save the profile.

Was this information helpful?

Yes No

Previous Next
(/content/techdocs/en_US/panorama/10- (/content/techdocs/en_US/panorama/10-
Set Up Configure
1/panorama-admin/set-up-panorama/set- 1/panorama-admin/set-up-panorama/set-up-
Administrative an
up-administrative-access-to- administrative-access-to-
Access to Access
panorama.html) panorama/configure-an-access-domain.html)
Panorama Domain

Technical Documentation Co

Release Notes (/content/techdocs/en_US/release-notes.html) Abo


Search (/content/techdocs/en_US/search.html) Care
Blog (https://www.paloaltonetworks.com/blog/category/technical- Cus
documentation/) LIVE
Compatibility Matrix (/content/techdocs/en_US/compatibility- Kno
matrix.html)
OSS Listings (/content/techdocs/en_US/oss-listings.html)
Sitemap (/content/techdocs/en_US/sitemap.html)

(https://www.facebook.com/PaloAltoNetworks) (https://w
(https://www.youtube.com/channel/UCPRouchFt58TZnjoI65aelA)

This site uses cookies essential to its operation, for analytics, and for personalized content and ads. By
(/content/techdocs/en_US.html)
continuing to browse this site, you acknowledge the use of cookies. Privacy statement ❯ © 2025 Palo Alto Ne

(https://www.paloaltonetworks.com/legal-notices/privacy)

You might also like