Default administrator account elements
There are several predefined Administrator Roles and Access Control Lists that help you configure Administrator permissions. You cannot edit the predefined elements.
The following table describes the predefined Administrator Roles that you can optionally use instead of or in addition to customized Administrator Roles you create. All permissions listed here are always applied to a specific set of elements that you define.
| Administrator role | Permissions given |
|---|---|
| Viewer | View the properties of elements. |
| Owner | View the properties, and edit and delete elements. When an administrator creates an element, the administrator is automatically set as an Owner of that element. |
| Operator | View the properties of elements, send commands to engines, refresh policies, upload policies, and browse logs and alerts (if applied to components that send logs). |
| Editor | Operator permissions and additional permissions to create, edit, and delete elements. |
All elements automatically belong to one or several predefined Access Control List elements in addition to the Access Control Lists you create yourself.
| Access Control List | Description |
|---|---|
| All Elements | All elements that are defined in the system. |
| All Domains | All Domain elements in the system. Can be used with Administrator elements only if Domain elements have been configured. |
| All Administrators | All elements of the type mentioned in the name of the Access Control List. |
| All API Clients | |
| All Firewall Policies | |
| All Firewalls | |
| All Incident Cases | |
| All Inspection Policies | |
| All IPS Policies | |
| All Layer 2 Firewall Policies | |
| All Layer 2 Firewalls | |
| All Layer 2 Interface Policies | |
| All Third Party Devices | |
| All Web Portal Users | |
| All Sensors and Analyzers | All legacy elements of the type mentioned in the name of the Access Control List. |
| All SOHO Firewalls | |
| All SSL VPN Gateways | |
| All Simple Elements | All elements except elements that have a dedicated system Access Control List. |
The contents of the Access Control Lists are Domain-specific if Domain elements have been configured in the system. For example, in the Shared Domain, ALL IPS Policies refers to all IPS Policies that belong to the Shared Domain.