We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

How to Configure Administrative Roles

  • Last updated on

As part of an administrative profile, administrative roles define the operative permissions and restrictions of an administrative user to the different services of the Barracuda NextGen Control Center and the managed Barracuda NextGen F-Series Firewalls. When configuring administrative roles, you can define which services the administrative user is allowed to access and which operations they are allowed or denied to perform on the services. You can then assign the role to an administrative profile (see How to Configure Administrative Profiles).

Roles Permissions and Restrictions

Administrative roles permissions and restrictions are defined as follows:

Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
CC Configuration







Access to CC ConfigYesYesYesYesYes

Kill Sessions

YesYesNoYesNo
Change PermissionsYesNoNoYesNo
Change EventsYesNoNoYesNo
Show AdminsYesNoYesYesNo
Manage AdminsNoNoNoNoYes
Create/Remove RangeYesNoNoYesNo
Create/Remove ClusterYesNoNoYesNo
Use RCSYesNoYesYesNo
Create/Remove BoxesYesNoNoYesNo
Create/Remove ServersYesNoNoYesNo
Create/Remove ServiceYesNoNoYesNo
Create/Remove RepositoryYesNoNoYesNo
Manage HA SyncYesYesNoYesNo
Create PAR FileYesNoNoYesNo
Allow Config View on BoxYesYesYesYesNo
Allow Emergency OverrideYesNoNoYesNo
Create/Remove WorkspaceYesNoNoYesNo
Change WorkspacesYesNoNoYesNo
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
CC Control










Access to CC ControlYesYesYesYesYes
Show MapYesYesYesYesYes
Show Config UpdatesYesYesYesYesYes
Manage Config UpdatesYesYesNoYesYes
Show Box REXECYesYesYesNoNo
Manage Box REXECYesNoNoNoNo
Show Box Firmware UpdatesYesYesYesNoNo
Manage Box Firmware UpdatesYesYesNoNoNo
Manage Box File UpdateYesYesNoNoNo
Show Box File UpdateNoNoYesNoNo
Manage Box Geo PositionYesYesNoYesNo

Manage Box Activation

YesNoNoYesNo
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
CC Firewall Audit Info ViewerAccess to Firewall Audit Info ViewerYesYesYesYesNo
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
CC PKI serviceAccess to CC PKI serviceYesNoNoYesNo
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
Control














  
Access to ControlYesYesYesYesNo
Start/Stop ServerYesYesNoNoNo
Block ServerYesYesNoNoNo
Start/Stop ServiceYesYesNoNoNo
Block ServiceYesYesNoNoNo
Delete Wild RouteYesYesNo
NoNo
Activate New ConfigurationYesYesNoYesNo
Restart Network SubsystemYesYesNoNoNo
Set or Sync Box TimeYesYesNoYesNo
Firmware RestartYesYesNoNoNo
Reboot/Shutdown SystemYesYesNoNoNo
Activate Kernel UpdateYesNoNoNoNo
Kill SessionsYesYesNoNoNo
Import LicenseYesYesNoYesNo
Remove LicenseYesYesNoYesNo
View License DataYesYesNoYesNo
SCEP OperationsYesYesNoYesNo
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
Event




Access to EventYesYesYesYesNo
Silence EventsYesYesNoYesNo
Stop AlarmYesYesNoYesNo
Mark as ReadYesYesNoYesNo

Confirm Events

YesYesNoYesNo
Delete EventsYesNoNoYesNo
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
Log



Access to LogYesYesYesYesNo
Read Box LogfilesYesYesYesYesNo
Delete Box LogfilesYesNoNoYesNo
Read Service LogfilesYesYesYesYesNo

Delete Service Logfiles

YesNoNoYesNo
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
Statistics



Access to StatisticsYesYesYesYesNo
Read Box StatisticsYesYesYesYesNo
Delete Box StatisticsYesNoNoYesNo
Read Service StatisticsYesYesYesYesNo

Delete Service Statistics

YesNoNoYesNo
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
DHCPAccess to DHCPYesYesYesNoNo

Allow deletion of leases

YesYesNoNoNo
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
Access Control ServiceAccess to Access Control ServiceYesYesYesNoNo

Allow deletion of access cache entries

YesNoNoNoNo
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
CC Access Control Service

Access to CC Access Control ServiceYesYesYesNoNo

Enable Commands

YesNoNoNoNo

Block Box Svnc

YesNoNoNoNo
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
Firewall









Access to Firewall

YesYesYesYesNo
Terminate ConnectionsYesYesNoNoNo
Modify ConnectionsYesYesNoNoNo
Kill Handler ProcessesYesYesNoNoNo
Dynamic Rule ControlYesYesNoNoNo
Toggle TraceYesYesNoNoNo
View Trace OutputYesYesNoNoNo
Change SettingsYesYesNoNoNo
View RulesetYesYesYesYesNo
Manipulate Access Cache EntriesYesNoNoNoNo
Access ATP and Quarantine ManagementYesYesNoNoNo
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
VPN

Access to VPNYesYesYesYesNo
Terminate VPN TunnelsYesYesNoNoNo
Disable/Enable VPN TunnelsYesYesNoNoNo

View Configuration

YesYesYesYesNo
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
Mail Gateway serviceAccess to Mail Gateway serviceYesYesYesNoNo
Enable CommandsYesNoNoNoNo
View Stripped AttachmentsYesNoNoNoNo
Retrieve Stripped AttachmentsYesNoNoNoNo
Delete Stripped AttachmentsYesNoNoNoNo
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
Virus Scanner service

Access to Virus Scanner serviceYesYesYesNoNo
Allow Block Virus Pattern UpdateYesYesNoNoNo

Allow Manual Virus Pattern Update

YesYesNoNoNo
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
HTTP Proxy serviceAccess to HTTP Proxy serviceYesYesYesNoNo
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
Wi-Fi Access Point serviceAccess to Wi-Fi YesYesYesNoNo
Box MenuSoftware ItemManager

Operator

ObserverEditorAdministrators
REST APIAccess to REST APIYesNoNoNoNo
Internal API AccessAccess to internal REST Api interfaceYesNoNoNoNo
External API AccessAccess to external REST Api interfaceYesNoNoNoNo
Write AccessAccess to REST Api interfaceYesNoNoNoNo

Configure Administrative Roles

  1. Go to CONFIGURATION > Configuration Tree > Multi-Range > Global Settings > Administrative Roles.
  2. Click Lock.
  3. In the Roles section, click + to create a new role. You can also edit and modify an existing entry.
  4. Enter a Name for the role (only numbers are allowed) and click OK. The Roles configuration window opens.
  5. To provide the administrative role with access to a service, 

    1. Select the Access to <service name> check box. 

    2. Click Set/Edit to configure detailed permissions for the service and click OK.

      It is recommended that you grant the Show Map permission in the CC Control Module section to every admin role. Admins that do not have this permission will get an error message immediately after they log into the Control Center.

  6. Click OK.
  7. Click Send Changes and Activate.

You can now assign the administrative role to an administrative user profile (see How to Configure Administrative Profiles).

Apply the Administrative Role to a Profile

  1. Click the ADMINS tab.
  2. Right click the admin profile in the list and select Lock.
  3. Edit the profile.
  4. Select the administrative role from the Roles list. (If you just want to assign specific roles, clear the Allow All Operations check box.)
  5. Click OK.
  6. Click Activate.

The administrative user can now view and edit settings and services on the Barracuda NextGen Control Center according to their assigned roles.

Last updated on