Error message: "Device Admin Role for the role based admin has not been defined" when trying to context switch after upgrading to 10.x releases
48718
Created On 09/06/21 15:01 PM - Last Modified 10/25/21 22:39 PM
Symptom
After the Panorama is upgraded to a 10.x release, when trying to switch context, an error is displayed: "Device Admin Role for the role based admin has not been defined"
Environment
- Panorama.
- PAN OS 10.0.6.
Cause
- This is due to the default changes introduced on 10.x releases,
- After the upgrade to PAN-OS 10.0, one must assign a Device Admin Role and push the same to managed firewalls when configuring a Panorama Admin Role profile to allow Device Group and Template administrators to context switch between the Panorama and firewall web interface.
- During the context switch, Panorama validates if the admin has access to a specific VSYS or for all VSYS's. If the admin has access to all VYS, then Panorama uses the device admin role context switch. If the admin has access to one or some of the VSYS, then Panorama uses the VSYS admin role to context switch.
Resolution
Configure an admin role on the firewall to switch context between Panorama and Firewalls, see the instructions here on how to create the admin role.
Additional Information
Changes to default behavior on 10.x releases