admin
|
The admin user is the default user account for the system and has all administrative privileges. The admin user account is listed here
for convenience, but it cannot be assigned via a user role, and it cannot be edited or deleted, aside from changing the password.
Only the
admin user can issue the
resetconfig and
revertcommands.
|
Yes/Yes
|
Administrator
|
User accounts
with the Administrator role have full access to all configuration settings of
the system.
|
Yes/Yes
|
Operator
|
User accounts
with the Operator role are restricted from:
-
Creating
or editing user accounts
-
Upgrading
the appliance
-
Issuing the resetconfig command
-
Running the System Setup Wizard
-
Modifying LDAP server profile settings other than username and password, if LDAP is enabled for external authentication.
-
Configuring, editing, deleting, or centralizing quarantines.
Otherwise,
they have the same privileges as the Administrator role.
|
Yes/Yes
|
Technician
|
User accounts
with the Technician role can initiate system administration activities such as
upgrades and reboots, save a configuration file from the appliance, manage
feature keys, and so forth.
|
Access to System Capacity reports under the Web and Email tabs
|
Read-Only
Operator
|
User accounts
with the Read-Only Operator role have access to view configuration information.
Users with the Read-Only Operator role can make and submit most changes to see
how to configure a feature, but they cannot commit them or make any change that
does not require a commit. Users with this role can manage messages in
quarantines, if access is enabled.
Users with
this role cannot access the following:
-
File system, FTP, or SCP.
-
Settings for creating, editing, deleting or centralizing quarantines.
|
Yes/No
|
Guest
|
Users accounts with the Guest role can view status information including reports and Web Tracking, and manage messages in
quarantines, if access is enabled. Users with the Guest role cannot access Message Tracking.
|
Yes/No
|
Web Administrator
|
User accounts with the Web Administrator role have access to all configuration settings under the Web tab.
|
Yes/Yes
|
Web Policy Administrator
|
User accounts with the Web Policy Administrator role can access the Web Appliance Status page and all pages in the Configuration
Master. The web policy administrator can configure identities, access policies, decryption policies, routing policies, proxy
bypass, custom URL categories, and time ranges. The web policy administrator cannot publish configurations.
|
No/No
|
URL Filtering Administrator
|
User accounts with the URL Filtering Administrator role can configure URL filtering for web security only.
|
No/No
|
Email
Administrator
|
User accounts
with the Email Administrator role have access to all configuration settings
within the Email menu only, including quarantines.
|
No/No
|
Help Desk
User
|
User
accounts with the Help Desk User role are restricted to:
Users with
this role cannot access the rest of the system, including the CLI. After you
assign a user this role, you must also configure quarantines to allow access by
this user.
|
No/No
|
Custom
Roles
|
User
accounts that are assigned a custom user role can view and configure only
policies, features, or specific policy or feature instances that have been
specifically delegated to the role.
You can create a new Custom Email User Role or a new Custom Web User Role from the Add Local User page. However, you must
assign privileges to this Custom User Role before the role can be used. To assign privileges, go to Management Appliance > System Administration > User Roles and click the user name.
Note
|
Users
assigned to a Custom Email User Role cannot access the CLI.
|
For more
information, see
Custom User Roles.
|
No/No
|