Predefined User Roles
Except as noted, you can assign each user a predefined user role with the privileges described in the following table, or a custom user role.
|
User Role Name |
Description |
Web Reporting/Scheduled Reports Capability | ||
|---|---|---|---|---|
|
admin |
The admin user is the default user account for the system and has all administrative privileges. The admin user account is listed here for convenience, but it cannot be assigned via a user role, and it cannot be edited or deleted, aside from changing the passphrase. Only the admin user can issue the resetconfig and revertcommands. |
Yes/Yes | ||
|
Administrator |
User accounts with the Administrator role have full access to all configuration settings of the system. |
Yes/Yes | ||
|
Operator |
User accounts with the Operator role are restricted from:
Otherwise, they have the same privileges as the Administrator role. |
Yes/Yes | ||
|
Technician |
User accounts with the Technician role can initiate system administration activities such as upgrades and reboots, save a configuration file from the appliance, manage feature keys, and so forth. |
Access to System Capacity reports under the Web and Email tabs | ||
|
Read-Only Operator |
User accounts with the Read-Only Operator role have access to view configuration information. Users with the Read-Only Operator role can make and submit most changes to see how to configure a feature, but they cannot commit them or make any change that does not require a commit. Users with this role can manage messages in quarantines, if access is enabled. Users with this role cannot access the following:
|
Yes/No | ||
|
Guest |
Users accounts with the Guest role can view status information including reports and Web Tracking, and manage messages in quarantines, if access is enabled. Users with the Guest role cannot access Message Tracking. |
Yes/No | ||
|
Web Administrator |
User accounts with the Web Administrator role have access to all configuration settings under the Web tab. |
Yes/Yes | ||
|
Web Policy Administrator |
User accounts with the Web Policy Administrator role can access the Web Appliance Status page and all pages in the Configuration Master. The web policy administrator can configure identities, access policies, decryption policies, routing policies, proxy bypass, custom URL categories, and time ranges. The web policy administrator cannot publish configurations. |
No/No | ||
|
Email Administrator |
User accounts with the Email Administrator role have access to all configuration settings within the Email menu only, including quarantines. |
No/No | ||
|
Help Desk User |
User accounts with the Help Desk User role are restricted to:
Users with this role cannot access the rest of the system, including the CLI. After you assign a user this role, you must also configure quarantines to allow access by this user. |
No/No | ||
|
Custom Roles |
User accounts that are assigned a custom user role can view and configure only policies, features, or specific policy or feature instances that have been specifically delegated to the role. These features can be access log subscriptions, Logging APIs, and log files. You can create a new Custom Email User Role or a new Custom Web User Role from the Add Local User page. However, you must assign privileges to this Custom User Role before the role can be used. To assign privileges, go to Management Appliance > System Administration > User Roles and click the user name.
For more information, see Custom User Roles. |
No/No |