The NetSec Manager asked to create a new EMEA Regional Panorama Administrator profile with customized privileges. In particular, the new EMEA Regional Panorama Administrator should be able to:
Access only EMEA-Regional device groups with read-only privileges
Access only EMEA-Regional templates with read-only privileges
What is the correct configuration for the new EMEA Regional Panorama Administrator profile?
The correct configuration for the EMEA Regional Panorama Administrator profile would be to set the Administrator Type as 'Device Group and Template Admin'. This allows for specific control over device groups and templates. The Admin Role should be 'EMEA_Regional_Admin_read_only' to ensure the administrator has read-only access to the EMEA-Regional device groups and templates. Finally, setting the Access Domain to 'EMEA-Regional' restricts access to the specified regional domain, which aligns with the requirement to access only EMEA-Regional device groups and templates with read-only privileges.
Administrator Type - Dynamic - Roles that provide access to Panorama and managed firewalls. - Custom Panorama Admin - Configurable roles that have read-write access, read-only access, or no access to Panorama features. - Device Group and Template Admin - Configurable roles that have read-write access, read-only access, or no access to features for the device groups and templates that are assigned to the access domains select for this administrator.
Would say it's correct