Define administrator permissions for NGFW Engines
Define the administrator permissions that permit users to access and view engine options.
Before you begin
Your administrator account must have editing permissions to the engine element.
You can either add an Access Control List or an individual Administrator-Administrator Role pair as permitted on the engine. The rights that the Access Control List grants to the administrators are defined in the properties of the administrator accounts (defined with Administrator elements).
Administrators with restricted permissions can refresh or upload an engine's policy only if the administrator is a permitted administrator for both the engine and the policy. The engines might not accept all policies.
For more details about the product and how to configure features, click Help or press F1.
Steps
Engine Editor > General > Permissions
Use this branch to change permissions settings to control the administration of NGFW Engines.
Option | Definition |
---|---|
Administrator Permissions section | |
Access Control Lists | Shows the Access Control Lists that have been selected. Click Add to add an element to the list, or Remove to remove the selected element. |
Permissions | Shows the administrators that have permissions. Click Add Permission to add a row to the list, or Remove Permission to remove the selected row. Click the Administrator cell to select the administrator. |
Option | Definition |
---|---|
Local Administrators section | |
Administrator | If local administrators have been defined, shows the names. |
Info | Shows whether the local administrator can execute root-level commands with the sudo tool. |
Option | Definition |
---|---|
Policies section | |
Allowed Policies | Shows the policies that are allowed to be installed. Click Add to add an element to the list, or Remove to remove the selected element. To allow the installation of any policy, select Set to ANY. |
Option | Definition |
---|---|
Reporting section | |
E-mail Address(es) | The email addresses to which generated reports are sent when this NGFW Engine is the sender of log data for
the report. To add several addresses, separate the addresses with a comma. |