Getting started with permissions
You can define the permissions that enable or restrict administrators to edit and view an engine's properties.
What permission control does
Engine permissions control can be used in two ways:
- To prevent some administrators from editing and viewing an engine’s properties to prevent unauthorized modifications and protect confidential details.
- To restrict the policies that can be installed on the engine to prevent service outages caused by the wrong policy being installed on the engine by accident.
Note: Engine permission control does not affect the local permissions to execute command-line commands on the engine. You can replicate administrator accounts on engines and then configure permissions to execute commands using the sudo tool. The Local Administrators section in the Administrator Permissions pane shows the local administrators defined, if any.
What do I need to know before I begin?
- Your administrator account must have editing permissions for the engine element.
- Permissions for Master NGFW Engines and Virtual NGFW Engines are configured separately. Otherwise, engine permissions are configured for Master NGFW Engines and Virtual NGFW Engines in the same way as for other types of engines.
- Access control in the Security Management Center.