Default administrator account elements

There are several predefined Administrator Roles and Access Control Lists that help you configure Administrator permissions. You cannot edit the predefined elements.

The following table describes the predefined Administrator Roles that you can optionally use instead of or in addition to customized Administrator Roles you create. All permissions listed here are always applied to a specific set of elements that you define.

Table 1. Predefined administrator roles
Administrator role Permissions given
Editor Editors can:
  • View the properties of elements.
  • Send commands to engines, refresh policies, upload policies, and browse logs and alerts (if applied to components that send logs).
  • Create, edit, and delete elements.
NSX Role This role is a specialized role that is intended only for deploying NGFW Engines using NSX.
Operator Operators can:
  • View the properties of elements.
  • Send commands to engines, refresh policies, upload policies, and browse logs and alerts (if applied to components that send logs).
Owner When an administrator creates an element, the administrator is automatically set as an owner of that element. Owners can:
  • View the properties of elements.
  • Create, edit, and delete elements.
Viewer View the properties of elements.

All elements automatically belong to one or several predefined Access Control List elements in addition to the Access Control Lists you create yourself.

Table 2. Predefined Access Control List elements
Access Control List Description
All Elements All elements that are defined in the system.
All Domains All Domain elements in the system. Can be used with Administrator elements only if Domain elements have been configured.
All Administrators All elements of the type mentioned in the name of the Access Control List.
All API Clients
All Cloud Elements
All Firewall Policies
All Firewalls
All Incident Cases
All Inspection Policies
All IPS Engines
All IPS Policies
All Layer 2 Firewall Policies
All Layer 2 Firewalls
All Layer 2 Interface Policies
All Third Party Devices
All Web Portal Users
All SSL VPN Gateways Legacy SSL VPN Gateway elements.
All Simple Elements All elements except elements that have a dedicated system Access Control List.

The contents of the Access Control Lists are Domain-specific if Domain elements have been configured in the system. For example, in the Shared Domain, ALL IPS Policies refers to all IPS Policies that belong to the Shared Domain.