Default administrator account elements

There are several predefined Administrator Roles and Access Control Lists that help you configure Administrator permissions. You cannot edit the predefined elements.

The following table describes the predefined Administrator Roles that you can optionally use instead of or in addition to customized Administrator Roles you create. All permissions listed here are always applied to a specific set of elements that you define.

Table 1. Predefined administrator roles
Administrator role Permissions given
Viewer View the properties of elements.
Owner View the properties, and edit and delete elements. When an administrator creates an element, the administrator is automatically set as an Owner of that element.
Operator View the properties of elements, send commands to engines, refresh policies, upload policies, and browse logs and alerts (if applied to components that send logs).
Editor Operator permissions and additional permissions to create, edit, and delete elements.

All elements automatically belong to one or several predefined Access Control List elements in addition to the Access Control Lists you create yourself.

Table 2. Predefined Access Control List elements
Access Control List Description
All Elements All elements that are defined in the system.
All Domains All Domain elements in the system. Can be used with Administrator elements only if Domain elements have been configured.
All Administrators All elements of the type mentioned in the name of the Access Control List.
All API Clients
All Firewall Policies
All Firewalls
All Incident Cases
All Inspection Policies
All IPS Policies
All Layer 2 Firewall Policies
All Layer 2 Firewalls
All Layer 2 Interface Policies
All Third Party Devices
All Web Portal Users
All Sensors and Analyzers All legacy elements of the type mentioned in the name of the Access Control List.
All SOHO Firewalls
All SSL VPN Gateways
All Simple Elements All elements except elements that have a dedicated system Access Control List.

The contents of the Access Control Lists are Domain-specific if Domain elements have been configured in the system. For example, in the Shared Domain, ALL IPS Policies refers to all IPS Policies that belong to the Shared Domain.