Create Access Control List elements

An Access Control List defines a group of granted elements for which an administrator has rights.

If an Administrator Role gives the rights to install policies and browse logs and alerts, you must apply the Administrator Role to NGFW Engines in the Administrator element. The Access Control Lists that you create can include engines and policies.

The predefined Access Control Lists (in Administration > Access Rights > Access Control Lists) allow you to give access to all elements of a certain type. When you create an element, it is automatically added to the relevant default Access Control List. For example, a new Firewall element is automatically included both in the ALL Elements and ALL Firewalls Access Control Lists.

Note: You must create custom Access Control Lists if you want to give access to a limited number of elements within one type.

If you change the permissions for existing administrator accounts, the administrators are notified that their permissions have changed the next time that they log on to the Management Client.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Select Configuration, then browse to Administration.
  2. Right-click Access Rights and select New > Access Control List, or right-click an existing Access Control List and select Properties.
  3. (New Access Control List only) In the Name field, enter a unique name.
  4. Select the elements you want to add to the Access Control List from Resources and click Add.
    The selected elements are added to the Granted Elements list in the right pane.
  5. Click OK.

Access Control List Properties dialog box

Use this dialog box to change the properties of an Access Control List.

| Option | Definition |
|---|---|
| Name | The name of the element. |
| Comment (Optional) | A comment for your own reference. |
| Granted Elements | Shows the elements that an administrator has been given permission to edit and install when their Administrator Role would otherwise prevent them from doing so. Click Add to add an element to the list, or Remove to remove the selected element. CAUTION: Administrators who have permissions to edit the properties of NGFW Engines can configure the Management Client to run arbitrary commands in the NGFW Engine operating system. |