Admin Roles restrict commit from Panorama

Reply
Highlighted
Cyber Elite

Admin Roles restrict commit from Panorama

We have Panorama managing the firewalls.

certain admin role name we do not want them to do commit on the panorama and firewall.

 

so we want if user log into panorama and from there if he go to  firewall context or he directly log into firewall then

commit should be disabled.

 

I logged in to the panorma and under  panorama  admin roles i disabled the commit 

I did this by choosing the role as Panorama

 

For all other firewalls should i need to do same  by selecting role  device group and templates?

 

or also i need to do this under template for each firewall?

 

 

 

MP

Accepted Solutions
Highlighted
L7 Applicator

When you disabled commit for your role, did you disable commit in the Context Switch UI section?

That should be all you need to do. When they do a context switch, they're still logged into Panorama so you only need to worry about the Panorama user:


no-commit.png

 

 

If that user has an account directly on the firewalls as well, you would need to modify their role on the firewall(s) also.

View solution in original post


All Replies
Highlighted
L7 Applicator

When you disabled commit for your role, did you disable commit in the Context Switch UI section?

That should be all you need to do. When they do a context switch, they're still logged into Panorama so you only need to worry about the Panorama user:


no-commit.png

 

 

If that user has an account directly on the firewalls as well, you would need to modify their role on the firewall(s) also.

View solution in original post

Highlighted
Cyber Elite

yes i did on Panorama and on context switch ui.

Will do on the firewalls also as they do have access to it

MP
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!