Define administrator permissions for NGFW Engines

Define the administrator permissions that permit users to access and view engine options.

Before you begin

Your administrator account must have editing permissions to the engine element.

You can either add an Access Control List or an individual Administrator-Administrator Role pair as permitted on the engine. The rights that the Access Control List grants to the administrators are defined in the properties of the administrator accounts (defined with Administrator elements).

Administrators with restricted permissions can refresh or upload an engine's policy only if the administrator is a permitted administrator for both the engine and the policy. The engines might not accept all policies.

For more details about the product and how to configure features, click Help or press F1.

Steps

  1. Open the element for editing in one of the following ways depending on the element type:
    Element type Description
    Engine element
    1. Right-click an engine element, then select Edit <element type>. The Engine Editor opens.
    2. In the navigation pane on the left, browse to General > Permissions.
    Policy element
    1. Right-click the policy and select Properties.
    2. Click the Permissions tab.
  2. Click Add for the Access Control Lists and select one or more Access Control Lists to which you want the engine to belong.
    To create an Access Control List, select Tools > New > Access Control List.
  3. To add a permission, click Add Permission under Permissions.
    A new row appears on the administrator list.
  4. Click the Administrator cell and select the Administrator.
  5. Right-click the Administrator Role cell and select Edit Administrator Role.
  6. Select a role and click Add.
  7. Click OK to close the Select Elements dialog box.
  8. Save the changes in one of the following ways depending on the element type:
    Element type Description
    Engine element Click Save.
    Policy element Click OK to close the dialog box.
    Note: Changes to administrator permissions are immediately distributed and taken into account in all related elements.

Engine Editor > General > Permissions

Use this branch to change permissions settings to control the administration of NGFW Engines.

Option Definition
Administrator Permissions section
Access Control Lists Shows the Access Control Lists that have been selected. Click Add to add an element to the list, or Remove to remove the selected element.
Permissions Shows the administrators that have permissions. Click Add Permission to add a row to the list, or Remove Permission to remove the selected row. Click the Administrator cell to select the administrator.
Option Definition
Local Administrators section
Administrator If local administrators have been defined, shows the names.
Info Shows whether the local administrator can execute root-level commands with the sudo tool.
Option Definition
Policies section
Allowed Policies Shows the policies that are allowed to be installed. Click Add to add an element to the list, or Remove to remove the selected element. To allow the installation of any policy, select Set to ANY.
Option Definition
Reporting section
E-mail Address(es) The email addresses to which generated reports are sent when this NGFW Engine is the sender of log data for the report.

To add several addresses, separate the addresses with a comma.