Custom Permission Profile - Access Control

What can I do here?

Use this window to define granular permissions for Access Control Policy rules.

Getting Here - SmartConsole > Manage & Settings > Permissions and Administrators > Permissions profile > profile > New or Edit > Access Control page Or: SmartConsole for Multi-Domain Server > Multi Domain > Permissions and Administrators > Permission Profiles > New or Edit > Domain Permission Profile > Access Control page

Access Permission Profile

Configure permissions for these Access Control Policy activities

Policy

Show Policy - Select to let administrators work with Access Control rules and NAT rules. If not selected, administrators cannot see these rules.

• Edit Layers by Software Blades - Select this option to configure permissions to with these features in Access Control Layers:
  • Firewall - Work with Access Control and other Software Blades that do not have their own Policies.
  • Application and URL Filtering - Use Application and URL Filtering in Access Control rules.
  • Data Awareness - Use specified data types in Access Control rules.
  • Mobile Access - Work with Mobile Access rules.

    To let administrators work with these Policy options, you must also enable these blades in in the Policy Layer Editor. This permission profile must also include all of the Software Blades enabled in the Layer Editor. If you do not do this, administrators with this permission profile cannot work with rules for Access Control Software Blades.

    For example, if you enable Read/Write access for the Firewall, Application and URL Filtering , and Data Awareness Software Blades in the Layer Editor, you must also select them in the permission profile.

• Edit Layers by selected profiles in the Layer editor - Select this option to use only those Layer permissions defined in the Layer Editor. There is no Software Blade-level granularity.

Additional Policies

• NAT Policy - Work with NAT in Access Control rules.
• QoS Policy - Work QoS Policies and rules.
• Data Loss Prevention - Configure DLP rules and Policies.
• Geo Policy - Work with Access Control rules that control traffic to and from specified countries.

General

• Access Control Objects and Settings - allow editing of these object types:
  • VPN Community.
  • Access Role.
  • Custom application group.
  • Custom application.
  • Custom category.
  • Limit.
  • Application - Match Settings.
  • Application category - Match Settings.
  • Override Categorization.
  • Application and URL Filtering blade - Advanced Settings.
  • Data Awareness blade - Advanced Settings.

Actions

• Install Policy - Install Access Control Policies.
• Application and URL Filtering Update - Install Application and URL Filtering updates.