We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

This Firmware Version Is End-Of-Support

Documentation for this product is no longer updated. Please see https://campus.barracuda.com/doc/71862301/ for further information on our EoS policy.

How to Configure Administrative Roles

  • Last updated on

As part of an administrative profile, administrative roles define the operative permissions and restrictions of an administrative user to the different services of the Barracuda NG Control Center and the managed Barracuda NG Firewalls units. When configuring administrative roles, you can define which services the administrative user is allowed to access and which operations they are allowed or denied to perform on the services. You can then assign the role to an administrative profile (see How to Configure Administrative Profiles).

In this article: 

Roles Permissions and Restrictions

Administrative roles permissions and restrictions are defined as follows:

Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
CC Configuration







Access to CC ConfigYesYesYesYesYes

Kill Sessions

YesYesNoYesNo
Change PermissionsYesNoNoYesNo
Change EventsYesNoNoYesNo
Show AdminsYesNoYesYesNo
Manage AdminsYesNoNoYesYes
Create/Remove RangeYesNoNoYesNo
Create/Remove ClusterYesNoNoYesNo
Use RCSYesNoYesYesNo
Create/Remove BoxesYesNoNoYesNo
Create/Remove ServersYesNoNoYesNo
Create/Remove ServiceYesNoNoYesNo
Create/Remove RepositoryYesNoNoYesNo
Manage HA SyncYesYesNoYesNo
Create PAR FileYesNoNoYesNo
Allow Config View on BoxYesYesYesYesNo
Allow Emergency OverrideYesNoNoYesNo
Create/Remove WorkspaceYesNoNoYesNo
Change WorkspacesYesNoNoYesNo
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
CC Control










Access to CC ControlYesYesYesYesYes
Show MapYesYesYesYesYes
Show Config UpdatesYesYesYesYesYes
Manage Config UpdatesYesYesYesYesYes
Show Box REXECYesYesYesNoNo
Manage Box REXECYesYesNoNoNo
Show Box Firmware UpdatesYesYesYesNoNo
Manage Box Firmware UpdatesYesYesYesNoNo
Manage Box File UpdateYesYesYesNoNo
Show Box File UpdateYesYesYesNoNo
Manage Box Geo PositionYesYesYesYesNo

Manage Box Activation

YesYesNoYesNo
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
CC Audit InfoAccess to CC Audit InfoYesYesYesYesNo
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
CC PKIAccess to CC PKIYesNoYesYesNo
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
Control














  
Access to ControlYesYesYesYesNo
Start/Stop ServerYesYesNoNoNo
Block ServerYesYesNoNoNo
Start/Stop ServiceYesYesNoNoNo
Block ServiceYesYesNoNoNo
Delete Wild RouteYesYesNo
NoNo
Activate New ConfigurationYesYesYesYesNo
Restart Network SubsystemYesYesNoNoNo
Set or Sync Box TimeYesYesYesYesNo
Firmware RestartYesYesNoNoNo
Reboot/Shutdown SystemYesYesNoNoNo
Activate Kernel UpdateYesNoNoNoNo
Kill SessionsYesYesNoNoNo
Import LicenseYesYesYesYesNo
Remove LicenseYesYesYesYesNo
View License DataYesYesYesYesNo
SCEP OperationsYesYesYesYesNo
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
Event




Access to EventYesYesYesYesNo
Silence EventsYesYesNoYesNo
Stop AlarmYesYesNoYesNo
Mark as ReadYesYesNoYesNo

Confirm Events

YesYesNoYesNo
Delete EventsYesNoNoYesNo
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
Log



Access to LogYesYesYesYesNo
Read Box LogfilesYesYesYesYesNo
Delete Box LogfilesYesNoNoYesNo
Read Service LogfilesYesYesYesYesNo

Delete Service Logfiles

YesNoNoYesNo
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
Statistics



Access to StatisticsYesYesYesYesNo
Read Box StatisticsYesYesYesYesNo
Delete Box StatisticsYesNoNoYesNo
Read Service StatisticsYesYesYesYesNo

Delete Service Statistics

YesNoNoYesNo
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
DHCPAccess to DHCPYesYesYesNoNo

Enable Commands / deletion of lease

YesYesNoNoNo
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
Access Control ServiceAccess to Access Control ServiceYesYesYesNoNo

Enable Commands / deletion of access cache

YesNoNoNoNo
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
CC Access Control Service

Access to CC Access Control ServiceYesYesYesNoNo

Enable Commands

YesNoNoNoNo

Block Box Svnc

YesNoNoNoNo
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
Firewall









Access to Firewall

YesYesYesYesNo
Terminate ConnectionsYesYesNoNoNo
Modify ConnectionsYesYesNoNoNo
Kill Handler ProcessesYesYesNoNoNo
Dynamic Rule ControlYesYesNoNoNo
Toggle TraceYesYesNoNoNo
View Trace OutputYesYesNoNoNo
Change SettingsYesYesNoNoNo
View RulesetYesYesYesYesNo
Manipulate Access Cache EntriesYesNoNoNoNo
Access ATD tab and QuarantineYesNoNoNoNo
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
VPN

Access to VPNYesYesYesYesNo
Terminate VPN TunnelsYesYesNoNoNo
Disable/Enable VPN TunnelsYesYesNoNoNo

View Configuration

YesYesYesYesNo
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
Mail Router



Access to Mail RouterYesYesYesNoNo
Enable CommandsYesNoNoNoNo
View Stripped AttachmentsYesNoNoNoNo
Retrieve Stripped AttachmentsYesNoNoNoNo
Delete Stripped AttachmentsYesNoNoNoNo
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
Virus Scanner

Access to Virscan ServiceYesYesYesNoNo
Allow Block Virus Pattern UpdateYesYesNoNoNo

Allow Manual Virus Pattern Update

YesYesNoNoNo
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
Secure Web Proxy



Access to Secure Web ProxyYesYesYesNoNo
Access Cache ManagementYesNoNoNoNo
Ticket ManagementYesYesNoNoNo

Cert. Authorities Management

YesNoNoNoNo
XML Services ManagementYesNoNoNoNo
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
HTTP ProxyAccess to HTTP ProxyYesYesYesNoNo
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
WiFiAccess to WiFiYesYesYesNoNo

Configure Administrative Roles

  1. Go to CONFIGURATION > Configuration Tree > Multi-Range > Global Settings > Administrative Roles.
  2. Click Lock.
  3. In the Roles section, click + to create a new role. You can also edit and modify an existing entry.
  4. Enter a Name for the role (only numbers are allowed) and click OK. The Roles configuration window opens.
  5. To provide the administrative role with access to a service, 

    1. Select the Access to  check box. 

    2. Click Set/Edit to configure detailed permissions for the service and click OK.

      It is recommended that you grant the Show Map permission in the CC Control Module section to every admin role. Admins that do not have this permission will get an error message immediately after they log into the Barracuda NG Control Center.

  6. Click OK.
  7. Click Send Changes and Activate.

You can now assign the administrative role to an administrative user profile (see How to Configure Administrative Profiles).

Apply the Administrative Role to a Profile

  1. Click the ADMINS tab.
  2. Right click the admin profile in the list and select Lock.
  3. Edit the profile.
  4. Select the administrative role from the Roles list. (If you just want to assign specific roles, clear the Allow All Operations check box.)
  5. Click OK.
  6. Click Activate.

The administrative user can now view and edit settings and services on the Barracuda NG Control Center according to their assigned roles.

Last updated on