Web Interface Access Privileges
If you want to prevent a role-based administrator from
accessing specific tabs on the web interface, you can disable the
tab and the administrator will not even see it when logging in using
the associated role-based administrative account. For example, you
could create an Admin Role Profile for your operations staff that provides
access to the Device and Network tabs
only and a separate profile for your security administrators that
provides access to the Object, Policy,
and Monitor tabs.
An admin role can apply at the Device level
or Virtual System level as defined by the Device or Virtual
System radio button. If you select Virtual
System, the admin assigned this profile is restricted
to the virtual system(s) he or she is assigned to. Furthermore,
only the tab
is available to that admin, not the Global tab.
The following topics describe how to set admin role privileges
to the different parts of the web interface: