Admin Roles - Read Only

Reply

Admin Roles - Read Only

I am trying to create a admin role on the PA device and select things in the webUI to be read only. When I check these items I get enable and disable options but not the read only option icon option? Is there something I am missing here?

Tags (1)
L7 Applicator

Re: Admin Roles - Read Only

@Stevenjwilliams83,

Some permissions are either enabled or disabled, there is no read-only for some of the permissions you can grant. 

Re: Admin Roles - Read Only

Is there a list of options have read only?

L7 Applicator

Re: Admin Roles - Read Only

@Stevenjwilliams83,

I'm not aware of a list off-hand. 

L5 Sessionator

Re: Admin Roles - Read Only


@Stevenjwilliams83 wrote:

I am trying to create a admin role on the PA device and select things in the webUI to be read only. When I check these items I get enable and disable options but not the read only option icon option? Is there something I am missing here?


 

Can you just not use the buil-in "Super-user Read-Only" option?  I would think this is going to be exactly what you're looking for.

Re: Admin Roles - Read Only

Too many visible tabs. I need to remove tabs and have read only. I do not want Security peeps to see things that make them think they should have access to. 

L5 Sessionator

Re: Admin Roles - Read Only

Hrmmm...I built a security read-only group.  Exposed policy and objects tab...I don't recall any of these being an "all or nothing" kinda deal.  I seem to recall all having a read-only option.

Highlighted
L7 Applicator

Re: Admin Roles - Read Only

@Stevenjwilliams83,

Only the configuration items can be marked as Read-Only, everything else is either all or nothing. For example, within Logs everything is either enabled or disabled because you are only ever reading information anyways. Packet Capture you can create read-only so they can view the captured information but not change any of the options. Session Browser you can give read only because they would otherwise be able to delete sessions. Block IP List can be read-only so they can't actually remove an IP from the list. 

Is there something in particular that you are suprised that there isn't a Read Only option? That might be an easier place to start since there doesn't appear to really be a list out there at all.  

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!