This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Support Portal User Role Matrix

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Content translations are temporarily unavailable due to site maintenance. We apologize for any inconvenience. Visit our blog to learn more.

Support Portal User Role Matrix

jasfree
L1 Bithead

‎04-16-2018 05:10 AM

Hi Community,

 

we are experiencing a strange phenomene on our PA-7050.

We recently upgraded from 7.1.4 to 8.0.8 and have the following problem:

  1. User with securityadmin rights cannot save changes made on the firewall. They are receiving "You don't have permission to save configuration."
  2. Users with the superuser roles cannot make changes to Administrators Group.
  3. Users with the superuser role only have Read Only on the Admin Role Profile.

Has anyone else experienced this? Does anyone know what I need to do to correct this problem?.

 

Regards,

 

Jasper Freeman

0 Likes Likes
2 REPLIES 2

BPry
Cyber Elite
Cyber Elite

‎04-16-2018 10:22 AM

@jasfree,

1) What changes were the users with securityadmin trying to make; there are a number of things that a securityadmin is not allowed to modify. If another admin was currently working on changes that the securityadmin did not have rights to then you could see this issue present itself. 

 

2) I would call TAC on this problem; the Superuser role is built in and you are not allowed to modify it, you should therefor have access to whatever you need. The only objection to this would be if they had the Superuser (read-only) Role assigned, which may be the case reading your final question. 

 

3) This seems odd but could have happened during the 8.0 update. Using a user with the Superuser Role you should be able to give everyone the proper Role back. 

 

0 Likes Likes

jasfree
L1 Bithead
In response to BPry

‎04-16-2018 10:24 PM

@BPry,

 

We did open a TAC ticket.

 

What we noticed after the update was that the even though the Profile securityadmin had the rights to save, it did not work. It's as if the User could not save his own context.

 

Before the update, the admin could save his work (in his user context) and when a commit was performed then the changes was written to the running config. After the update, the admin can commit changes, but the save always returns a permission denied.

 

We are currently investigating other possible areas. Since we use ACS for the securityadmin authentication and Active Directory for superadmin authentication, we are checking to see if there are any changes that has an effect on the login.

 

I guess I will have to wait for the TAC response.

 

Thanks anyway.

 

Regards,

 

Jasper Freeman

0 Likes Likes
  • 2216 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks