Default administrator account elements
There are several predefined Administrator Roles and Access Control Lists that help you configure Administrator permissions. You cannot edit the predefined elements.
The following table describes the predefined Administrator Roles that you can optionally use instead of or in addition to customized Administrator Roles you create. All permissions listed here are always applied to a specific set of elements that you define.
Administrator role | Permissions given |
---|---|
Editor | Editors can:
|
NSX Role | This role is a specialized role that is intended only for deploying NGFW Engines using NSX. |
Operator | Operators can:
|
Owner | When an administrator creates an element, the administrator is automatically set as an owner of that element. Owners can:
|
Viewer | View the properties of elements. |
All elements automatically belong to one or several predefined Access Control List elements in addition to the Access Control Lists you create yourself.
Access Control List | Description |
---|---|
All Elements | All elements that are defined in the system. |
All Domains | All Domain elements in the system. Can be used with Administrator elements only if Domain elements have been configured. |
All Administrators | All elements of the type mentioned in the name of the Access Control List. |
All API Clients | |
All Cloud Elements | |
All Firewall Policies | |
All Firewalls | |
All Inspection Policies | |
All IPS Engines | |
All IPS Policies | |
All Layer 2 Firewall Policies | |
All Layer 2 Firewalls | |
All Layer 2 Interface Policies | |
All Third Party Devices | |
All Web Portal Users | |
All SSL VPN Gateways | Legacy SSL VPN Gateway elements. |
All Simple Elements | All elements except elements that have a dedicated system Access Control List. |
The contents of the Access Control Lists are Domain-specific if Domain elements have been configured in the system. For example, in the Shared Domain, ALL IPS Policies refers to all IPS Policies that belong to the Shared Domain.