It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

How to Configure Administrative Roles

  • Last updated on

As part of an administrative profile, administrative roles define the operative permissions and restrictions of an administrative user to the different services of the Barracuda Firewall Control Center and the managed Barracuda CloudGen Firewalls. When configuring administrative roles, you can define which services the administrative user is allowed to access and which operations they are allowed or denied to perform on the services. You can then assign the role to an administrative profile (see How to Configure Administrative Profiles).

Roles Permissions and Restrictions

Administrative roles permissions and restrictions are defined as follows:

Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
CC ConfigurationAccess to CC Config Yes Yes Yes Yes Yes

Kill Sessions

Yes Yes No Yes No
Change Permissions Yes No No Yes No
Change Events Yes No No Yes No
Show Admins Yes No Yes Yes No
Manage Admins No No No No Yes
Create/Remove Range Yes No No Yes No
Create/Remove Cluster Yes No No Yes No
Use RCS Yes No Yes Yes No
Create/Remove Boxes Yes No No Yes No
Create/Remove Servers Yes No No Yes No
Create/Remove Service Yes No No Yes No
Create/Remove Repository Yes No No Yes No
Manage HA Sync Yes Yes No Yes No
Create PAR File Yes No No Yes No
Allow Config View on Box Yes Yes Yes Yes No
Allow Emergency Override Yes No No Yes No
Create/Remove Workspace Yes No No Yes No
Change Workspaces Yes No No Yes No
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
CC ControlAccess to CC Control Yes Yes Yes Yes Yes
Show Map Yes Yes Yes Yes Yes
Show Config Updates Yes Yes Yes Yes Yes
Manage Config Updates Yes Yes No Yes Yes
Show Box REXEC Yes Yes Yes No No
Manage Box REXEC Yes No No No No
Show Box Firmware Updates Yes Yes Yes No No
Manage Box Firmware Updates Yes Yes No No No
Install uploaded Box Firmware Updates Yes Yes No No No
Manage Box File Update Yes Yes No No No
Show Box File Update No No Yes No No
Manage Box Geo Position Yes Yes No Yes No

Manage Box Activation

Yes No No Yes No
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
CC Firewall Audit Info ViewerAccess to Firewall Audit Info Viewer Yes Yes Yes Yes No
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
ControlAccess to Control Yes Yes Yes Yes No
Start/Stop Server Yes Yes No No No
Block Server Yes Yes No No No
Start/Stop Service Yes Yes No No No
Block Service Yes Yes No No No
Delete Wild Route Yes Yes No No No
Activate New Configuration Yes Yes No Yes No
Restart Network Subsystem Yes Yes No No No
Set or Sync Box Time Yes Yes No Yes No
Firmware Restart Yes Yes No No No
Reboot/Shutdown System Yes Yes No No No
Activate Kernel Update Yes No No No No
Kill Sessions Yes Yes No No No
Import License Yes Yes No Yes No
Remove License Yes Yes No Yes No
View License Data Yes Yes No Yes No
SCEP Operations Yes Yes No Yes No
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
EventAccess to Event Yes Yes Yes Yes No
Silence Events Yes Yes No Yes No
Stop Alarm Yes Yes No Yes No
Mark as Read Yes Yes No Yes No

Confirm Events

Yes Yes No Yes No
Delete Events Yes No No Yes No
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
LogAccess to Log Yes Yes Yes Yes No
Read Box Logfiles Yes Yes Yes Yes No
Delete Box Logfiles Yes No No Yes No
Read Service Logfiles Yes Yes Yes Yes No

Delete Service Logfiles

Yes No No Yes No
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
StatisticsAccess to Statistics Yes Yes Yes Yes No
Read Box Statistics Yes Yes Yes Yes No
Delete Box Statistics Yes No No Yes No
Read Service Statistics Yes Yes Yes Yes No

Delete Service Statistics

Yes No No Yes No
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
DHCPAccess to DHCP Yes Yes Yes No No

Allow deletion of leases

Yes Yes No No No
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
Access Control ServiceAccess to Access Control Service Yes Yes Yes No No

Allow deletion of access cache entries

Yes No No No No
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
CC Access Control ServiceAccess to CC Access Control Service Yes Yes Yes No No

Enable Commands

Yes No No No No

Block Box Svnc

Yes No No No No
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
Firewall

Access to Firewall

Yes Yes Yes Yes No
Terminate Connections Yes Yes No No No
Modify Connections Yes Yes No No No
Kill Handler Processes Yes Yes No No No
Dynamic Rule Control Yes Yes No No No
Toggle Trace Yes Yes No No No
View Trace Output Yes Yes No No No
Change Settings Yes Yes No No No
View Ruleset Yes Yes Yes Yes No
Manipulate Access Cache Entries Yes No No No No
Access ATP and Quarantine Management Yes Yes No No No
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
VPNAccess to VPN Yes Yes Yes Yes No
Terminate VPN Tunnels Yes Yes No No No
Disable/Enable VPN Tunnels Yes Yes No No No

View Configuration

Yes Yes Yes Yes No
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
Mail Gateway serviceAccess to Mail Gateway service Yes Yes Yes No No
Enable Commands Yes No No No No
View Stripped Attachments Yes No No No No
Retrieve Stripped Attachments Yes No No No No
Delete Stripped Attachments Yes No No No No
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
Virus Scanner serviceAccess to Virus Scanner service Yes Yes Yes No No
Allow Block Virus Pattern Update Yes Yes No No No

Allow Manual Virus Pattern Update

Yes Yes No No No
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
HTTP Proxy serviceAccess to HTTP Proxy service Yes Yes Yes No No
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
Wi-Fi Access Point service Access to Wi-Fi Yes Yes Yes No No
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
REST APIAccess to REST API Yes No No No No
Internal API AccessAccess to internal REST Api interface Yes No No No No
External API AccessAccess to external REST Api interface Yes No No No No
Write AccessAccess to REST Api interface Yes No No No No

Configure Administrative Roles

  1. Go to CONFIGURATION > Configuration Tree > Multi-Range > Global Settings > Administrative Roles.
  2. Click Lock.
  3. In the Roles section, click + to create a new role. You can also edit and modify an existing entry.
  4. Enter a Name for the role (only numbers are allowed) and click OK. The Roles configuration window opens.
  5. To provide the administrative role with access to a service:

    1. Select the  Access to <service name> check box.

    2. Click Set/ Edit to configure detailed permissions for the service and click OK.

      It is recommended that you grant the Show Map permission in the CC Control Module section to every admin role. Admins that do not have this permission will get an error message immediately after they log into the Control Center.

  6. Click OK.
  7. Click Send Changes and Activate.

You can now assign the administrative role to an administrative user profile (see How to Configure Administrative Profiles).

Apply the Administrative Role to a Profile

  1. Click the ADMINS tab.
  2. Right-click the admin profile in the list and select Lock.
  3. Edit the profile.
  4. Select the administrative role from the Roles list. (If you just want to assign specific roles, clear the Allow All Operations check box.)
  5. Click OK.
  6. Click Activate.

The administrative user can now view and edit settings and services on the Barracuda Firewall Control Center according to their assigned roles.