Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Reboot / Shutdown options not displayed in Web UI if Role-Based Admin is used

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Reboot / Shutdown options not displayed in Web UI if Role-Based Admin is used

L1 Bithead

Hi,

I have created a role-based admin account with all rights enabled for the Web UI and superuser rights enabled for the CLI.

After login to the Web UI using this account, under Device -> Setup -> Operations, the reboot/shutdown operations are not displayed. So i cannot reboot the device via the Web UI.

If I go to the CLI (using the same account), i can easily do a reboot (by "request restart system").

Does anybody have an idea if this is a bug or a feature ?

Thanks,

Marcus

3 REPLIES 3

L4 Transporter

Marcus,

The rights required to use the Device > Setup > Operations are at the superuser level and there is no way to create a custom Admin Role with superuser privilege. If you need these rights you should use the superuser dynamic role instead since you are giving superuser rights in the CLI anyways. If you look at the "Role" setting in the admin role it will be set to "Device" which means the admin has rights equivalent to a deviceadmin.

We are looking into eliminating offering "superuser" or "superreader" rights on the CLI under the custom admin role since it does not make sense to allow this escalation of privilege when logging in via CLI for the same admin who is a web interface deviceadmin.

Thanks Mike for the quick answer.

The reason for using a custom Admin Role instead of a dynamic role is that I want to disable displaying of username and/or client ip address information in the logs and reports.

This is for privacy protection reasons; we are not allowed to give our Operations access to this information. On the other hand, they should be able to reboot the system in case of an emergency.

Any idea how to accomplish this ?

Thanks,

Marcus

Under Admin Roles in Panorama

I created Role based authen  on Panorama M100 running 8.1.9 with Admin Role giving it full access.

Under Role tab i checked the Panorama and pushed that to all the firewalls.

Still i do not see option to reboot or shutdown the firewall or generate the tech support file.

 

Will this be fixed in some new PAN OS releases?

 

MP

Help the community: Like helpful comments and mark solutions.
  • 6074 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!