Error message: "Device Admin Role for the role based admin has not been defined" when trying to context switch after upgrading to 10.x releases

Error message: "Device Admin Role for the role based admin has not been defined" when trying to context switch after upgrading to 10.x releases

46107
Created On 09/06/21 15:01 PM - Last Modified 10/25/21 22:39 PM


Symptom


After the Panorama is upgraded to a 10.x release, when trying to switch context, an error is displayed: "Device Admin Role for the role based admin has not been defined"
User-added image

Environment


  • Panorama.
  • PAN OS 10.0.6.

Cause


  • This is due to the default changes introduced on 10.x releases,
  • After the upgrade to PAN-OS 10.0, one  must assign a Device Admin Role and push the same to  managed firewalls when configuring a Panorama Admin Role profile to allow Device Group and Template administrators to context switch between the Panorama and firewall web interface.
  • During the context switch, Panorama validates if the admin has access to a specific VSYS or for all VSYS's. If the admin has access to all VYS, then Panorama uses the device admin role context switch. If the admin has access to one or some of the VSYS, then Panorama uses the VSYS admin role to context switch.

Resolution


Configure an admin role on the firewall to switch context between Panorama and Firewalls, see the instructions  here on how to create the admin role.

Additional Information


Changes to default behavior on 10.x releases
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004LlvCAE&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Choose Language