This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Question on Admin roles and what they see

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Question on Admin roles and what they see

Go to solution
JeffTQT
L2 Linker

‎08-08-2013 06:31 AM

We have an intern who we have given admin rights to our Palo Alto boxes and Panorama. I created a custom Intern role for him that just gave him access to the logs and reports and things but then read only to everything else. What is happening is when he gets on the actual PA5050 box and goes to monitor or ACC where it shows an IP address it actually shows the exact IP like what we all see. But when he goes to Panorama where the IP should be he just sees the subnet. Like 10.10.10.0/24.

I am wondering if it is a code version issue as when we all go in Panorama it shows up right for us. On our actual PA5050 boxes we are running 4.1.6 and on Panorama we are running 5.0.4.

Would this cause the difference? Is there something in the 5.0 code that changes what a non superuser seesles

0 Likes Likes
1 accepted solution

Accepted Solutions

Go to solution
goku123
L7 Applicator

‎08-08-2013 06:51 AM

There is a section called "Privacy" under the admin role configuration.

Under Privacy> there is an option "Show full IP addresses".

Please check if the admin role for panorama has the privacy option enabled & "show full IP addresses" checked.

View solution in original post

0 Likes Likes
3 REPLIES 3

Go to solution
sdurga
L6 Presenter

‎08-08-2013 06:51 AM

The information that you see in the Monitor-->Logs of the Panorama should match with the information in the Logs on the Firewall. This behavior looks buggy to me, especially full privileged Admins are able to see a different info than the Custom Role Admins. I would recommend to open a ticket with support for further investigation.

0 Likes Likes

Go to solution
goku123
L7 Applicator

‎08-08-2013 06:51 AM

There is a section called "Privacy" under the admin role configuration.

Under Privacy> there is an option "Show full IP addresses".

Please check if the admin role for panorama has the privacy option enabled & "show full IP addresses" checked.

0 Likes Likes

Go to solution
sdurga
L6 Presenter
In response to goku123

‎08-08-2013 06:57 AM

Interesting, not aware of this feature.

0 Likes Likes
  • 1 accepted solution
  • 2960 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks