Role-based Panorama Admin Cannot Create 'Scheduled Config Export' Object

Role-based Panorama Admin Cannot Create 'Scheduled Config Export' Object

15501
Created On 09/26/18 13:52 PM - Last Modified 06/12/23 16:11 PM


Resolution


Symptom

A role-based Panorama administrator with “Scheduled Config Export” privilege is not able to create the Scheduled Config Export configuration (under Panorama > Scheduled Config Export).

 

Details

The admin role assigned to the role-based admin has “Scheduled config export” enabled, as shown below:

screenie1.png

 

However, when the admin with this admin role assigned tries to create the scheduled config export object, the following error occurs:

Invalid location / Permission denied

screenie2.png

 

Cause

Certain areas of the configuration are restricted to non-superuser admins for security purposes. For example, if a non-superuser (role-based admin) is granted full, unrestricted access to the config, then this admin would be able to see the phash (password hash) of other admins (and superusers) in plain text. This is the reason why a non-superuser is not permitted to configure the ‘Scheduled Config Export’ section.

 

owner: achitwadgi
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClwNCAS&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language