Palo Alto Networks Knowledgebase: Unable to Access Configuration Management Using Role-Based Admins

Unable to Access Configuration Management Using Role-Based Admins

2880
Created On 02/07/19 23:40 PM - Last Updated 02/07/19 23:40 PM
Device Management Initial Configuration Installation QoS Zone and DoS Protection
Resolution

Issue

A Palo Alto Networks firewall administrator account is configured with a custom Admin Role defined with full web UI access. However, this administrator account is unable to access the Configuration Management menu under the Device > Setup > Operations tab.

 

From PAN-OS 5.0 and above: 

The Configuration Management section is available. However, only configuration validation can be performed:

Operations.PNG.png

From PAN-OS 7.0 and above:

The Configuration Management section is available. However, only configuration Load, Save and Revert can be performed:

2016-05-03_15-13-38.jpg

 

Cause

Due to security concerns, if a Palo Alto Networks device administrator is allowed to export the configuration, the password hashes of the other admins would have to be sanitized. However, if the configuration is sanitized it cannot be used as a backed up version since it is not a complete configuration. Because of this scenario, the option shown above is not available to role-based admins.

 

Resolution

Login to a full superuser account in order to access the complete Configuration Management features:
5.png

 

owner: ggarrison



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClxaCAC&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language