The Barracuda NextGen Control Center provides a set of predefined administrative roles that can be modified if required and applied to an admin profile (e.g., Manager, Editor, etc.). Administrative roles define which services administrators are allowed to use on the Control Center and the managed firewalls and which operations the administrator is allowed to perform within the different services (e.g., terminate VPN tunnels, etc.). When creating an administrative profile, you can assign multiple administrative roles to a Control Center administrator account.
For more information, see How to Configure Administrative Roles.
When introducing an administrator on the Control Center, create an administrative profile and assign access privileges, permissions, and restrictions.
An administrative profile consists of the following settings:
- Account Settings – Account settings define various parameters of an administrator account, such as username, authentication method, password expiration policy, shell access level, etc. You can authenticate administrators via local or external schemes (e.g., MS Active Directory, RADIUS, LDAP, etc.). External authentication enables the Control Center and the firewalls to verify the credentials of an administrator against any supported authentication server. Administrators can use their external authentication (e.g., MSAD) password for logging into the F-Series environment. Optionally, the administrator can also receive access rights to the operating system layer (shell login).
- Administrative Scope – By assigning elements like a range or cluster, the administrative scope implicitly defines the systems that the administrator can access. The administrative scope also restricts the administrator’s view on the Control Center (e.g., status map, config tree, etc.) and access to certain F-Series Firewalls that are managed by the Control Center.
- Configuration Levels – The configuration level defines the read and write access a user has on configuration nodes in the Control Center config tree. When creating an administrative profile, you have to apply a configuration level to the administrative user. In addition, you can specify or change configuration levels in the config tree. To read or edit a configuration node in the config tree, the administrative user must have a configuration level that is lower than the node’s read and write level.
For more information, see How to Configure Administrative Profiles.