: Configure an Access Domain
Focus
Focus

Configure an Access Domain

Table of Contents

Configure an Access Domain

Use Access Domains to define access for Device Group and Template administrators for specific device groups and templates, and also to control the ability of those administrators to switch context to the web interface of managed firewalls. Panorama supports up to 4,000 access domains.
  1. Select PanoramaAccess Domain and click Add.
  2. Enter a Name to identify the access domain.
  3. Select an access privilege for Shared Objects:
    • write—Administrators can perform all operations on Shared objects. This is the default value.
    • read—Administrators can display and clone but cannot perform other operations on Shared objects. When adding non-Shared objects or cloning Shared objects, the destination must be a device group within the access domain, not the Shared location.
    • shared-only—Administrators can add objects only to the Shared location. Administrators can display, edit, and delete Shared objects but cannot move or clone them.
    A consequence of this option is that administrators can’t perform any operations on non-Shared objects other than to display them. An example of why you might select this option is for an organization that requires all objects to be in a single, global repository.
  4. Toggle the icons in the Device Groups tab to enable read-write or read-only access for device groups in the access domain.
    If you set the Shared Objects access to shared-only, Panorama applies read-only access to the objects in any device groups for which you specify read-write access.
  5. Select the Templates tab and Add each template you want to assign to the access domain.
  6. Select the Device Context tab, select firewalls to assign to the access domain, and click OK. Administrators can access the web interface of these firewalls by using the Context drop-down in Panorama.