Configuring access profiles
Access profiles provision permissions to roles. The following permissions can be assigned:
- Read (view access)
- Read-Write (view, change, and execute access)
- No access
When an administrator has only read access to a feature, the administrator can access the web UI page for that feature, and can use the get
and show
CLI command for that feature, but cannot make changes to the configuration.
In larger companies where multiple administrators divide the share of work, access profiles often reflect the specific job that each administrator does (“role”), such as account creation or log auditing. Access profiles can limit each administrator account to their assigned role. This is sometimes called role-based access control (RBAC).
Areas of control in access profiles lists the administrative areas that can be provisioned. If you provision read access, the role can view the web UI menu (or issue a CLI get command). If you provision read-write access, the role can save configuration changes (or issue a CLI set command).
For complete access to all commands and abilities, you must log in with the administrator account named admin.
Web UI Menus | CLI Commands |
---|---|
System |
config system diagnose hardware diagnose sniffer diagnose system execute date execute ping execute ping-options execute traceroute |
Router |
config router |
Server Load Balance |
config load-balance |
Link Load Balance |
config link-load-balance |
Global Load Balance |
config global-dns-server config global-load-balance |
Security |
config firewall config security waf |
Log & Report |
config log config report execute rebuild-db |
* For each |
Before you begin:
- You must have Read-Write permission for System settings.
To configure administrator profiles:
- Click System > Administrator.
- Click the Access Profile tab.
- Click Create New to display the configuration editor.
- Complete the configuration as described in Configuring access profiles.
- Click Save.
Settings | Guidelines |
---|---|
Name |
Specify a name for the access profile configuration. Valid characters are |
System |
Select one of the following:
|
Networking |
Select one of the following:
|
User |
Select one of the following:
|
Server Load Balance |
Select one of the following:
|
Link Load Balance |
Select one of the following:
|
Global Load Balance |
Select one of the following:
|
Security |
Select one of the following:
|
Log & Report |
Select one of the following:
|
Shared Resource |
For each category, set the permission:
|
The super_admin_prof access profile, a special access profile assigned to the admin account and required by it, appears in the list of access profiles. It exists by default and cannot be changed or deleted. The profile has permissions similar to the UNIX root account. |