Unable to Access Configuration Management Using Role-Based Admins

Unable to Access Configuration Management Using Role-Based Admins

15774
Created On 09/26/18 13:53 PM - Last Modified 06/12/23 18:17 PM


Resolution


Issue

A Palo Alto Networks firewall administrator account is configured with a custom Admin Role defined with full web UI access. However, this administrator account is unable to access the Configuration Management menu under the Device > Setup > Operations tab.

 

From PAN-OS 5.0 and above: 

The Configuration Management section is available. However, only configuration validation can be performed:

Operations.PNG.png

From PAN-OS 7.0 and above:

The Configuration Management section is available. However, only configuration Load, Save and Revert can be performed:

2016-05-03_15-13-38.jpg

 

Cause

Due to security concerns, if a Palo Alto Networks device administrator is allowed to export the configuration, the password hashes of the other admins would have to be sanitized. However, if the configuration is sanitized it cannot be used as a backed up version since it is not a complete configuration. Because of this scenario, the option shown above is not available to role-based admins.

 

Resolution

Login to a full superuser account in order to access the complete Configuration Management features:
5.png

 

owner: ggarrison
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClxaCAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language