Administrative Roles for Virtual Systems
A Superuser administrator can
create virtual systems and add a Device administrator, vsysadmin,
or vsysreader. A Device administrator can
access all virtual systems, but cannot add administrators. When
you create an Admin Role profile and select the role to be Virtual
System, the role applies to specific virtual systems
on the firewall. From the Command Line tab,
the two types of virtual system administrative roles are:
vsysadmin—Has access to specific virtual systems
on the firewall to create and manage specific aspects of virtual
systems. A vsysadmin doesn’t have access to network interfaces,
VLANs, virtual wires, virtual routers, IPSec tunnels, GRE tunnels,
DHCP, DNS Proxy, QoS, LLDP, or network profiles. Persons with vsysadmin
permission can commit configurations for only the virtual systems
assigned to them.
vsysreader—Has read-only access to specific virtual
systems on the firewall and specific aspects of virtual systems.
A vsysreader doesn’t have access to network interfaces, VLANs, virtual
wires, virtual routers, IPSec tunnels, GRE tunnels, DHCP, DNS Proxy,
QoS, LLDP, or network profiles.
A virtual system administrator can view logs of only the virtual
systems assigned to that administrator. A Superuser or Device administrator can
view all of the logs, select a virtual system to view, or configure
a virtual system as a User-ID hub.
