https://live.paloaltonetworks.com/t5/general-topics/restricting-data-accessible-by-admin-user-group-for-acc-monitor/m-p/35612#M26153 <HTML><HEAD></HEAD><BODY><P>Hi All,</P><P></P><P>Can I, in a system that is NOT running multiple vsys, restrict the information that can be accessed, seen etc within the ACC, monitor tab etc. Like a pre-applied data filter is overlaying the entire use?</P><P></P><P>For example, having a login that is for the head of a division, such as marketing, and when that use logs in, the only information</P><P>displaying within the ACC, is made up of information that applies to marketing, as the filter for the marketing user is based on a marketing Security Zone?</P><P></P><P>Similar in the Monitor-&gt;logs tab, in that the realtime information that is visiblity through the various logs windows ( traffic, threat etc ) is </P><P>only that to do with the Marketing Security zone?</P><P></P><P>I can see there is ability to load a pre-defined data filter, but this I assume relies on the user applying this, where I would like to have this pre-applied.</P><P></P><P>Possible?</P></BODY></HTML> Thu, 13 Oct 2011 21:39:57 GMT KatanaNZ 2011-10-13T21:39:57Z https://live.paloaltonetworks.com/t5/general-topics/restricting-data-accessible-by-admin-user-group-for-acc-monitor/m-p/35612#M26153 <HTML><HEAD></HEAD><BODY><P>Hi All,</P><P></P><P>Can I, in a system that is NOT running multiple vsys, restrict the information that can be accessed, seen etc within the ACC, monitor tab etc. Like a pre-applied data filter is overlaying the entire use?</P><P></P><P>For example, having a login that is for the head of a division, such as marketing, and when that use logs in, the only information</P><P>displaying within the ACC, is made up of information that applies to marketing, as the filter for the marketing user is based on a marketing Security Zone?</P><P></P><P>Similar in the Monitor-&gt;logs tab, in that the realtime information that is visiblity through the various logs windows ( traffic, threat etc ) is </P><P>only that to do with the Marketing Security zone?</P><P></P><P>I can see there is ability to load a pre-defined data filter, but this I assume relies on the user applying this, where I would like to have this pre-applied.</P><P></P><P>Possible?</P></BODY></HTML> Thu, 13 Oct 2011 21:39:57 GMT https://live.paloaltonetworks.com/t5/general-topics/restricting-data-accessible-by-admin-user-group-for-acc-monitor/m-p/35612#M26153 KatanaNZ 2011-10-13T21:39:57Z https://live.paloaltonetworks.com/t5/general-topics/restricting-data-accessible-by-admin-user-group-for-acc-monitor/m-p/35613#M26154 <HTML><HEAD></HEAD><BODY><P>Let me test for you. Give me some time and I'll get you an update unless some folks on KP chime in.</P><P></P><P>Regards,</P><P>Renato</P></BODY></HTML> Thu, 13 Oct 2011 21:58:44 GMT https://live.paloaltonetworks.com/t5/general-topics/restricting-data-accessible-by-admin-user-group-for-acc-monitor/m-p/35613#M26154 gswcowboy 2011-10-13T21:58:44Z https://live.paloaltonetworks.com/t5/general-topics/restricting-data-accessible-by-admin-user-group-for-acc-monitor/m-p/35614#M26155 <HTML><HEAD></HEAD><BODY><P>Doesn't look there's a plausible solution to what you're trying to acoomplish. When creating admin roles, we can only limit access based on the pre-defined filters. You will need to submit a feature request to your local Sales SE to expand the granularity of admin roles.</P><P></P><P>Regards,</P><P>Renato</P></BODY></HTML> Fri, 14 Oct 2011 00:53:22 GMT https://live.paloaltonetworks.com/t5/general-topics/restricting-data-accessible-by-admin-user-group-for-acc-monitor/m-p/35614#M26155 gswcowboy 2011-10-14T00:53:22Z