Not able to export security rule as custom role based admin, even though custom role based admin have privilege's for viewing security rule.

Not able to export security rule as custom role based admin, even though custom role based admin have privilege's for viewing security rule.

302
Created On 01/29/23 05:04 AM - Last Modified 11/06/25 20:46 PM


Symptom


In this example, I created "TestAdmin" Admin Role and created "user1" Administrator.
  1. We created [Device > Admin Roles > "TestAdmin" > WebUI > Policies > Security read-only. Other webui(Dashboard, ACC, Monitor....) privileges are disabled.image.png
  2. We assigned "TestAdmin" Amin role to "user1".image.png
  3. After we logged in Next Generation Firewall with "user1" and went to Polices and clicked PDF/CSV for export security rule, the dialog box disappeared immediately and the export failed.image.png

Environment


Every PAN OS version have this issue.
(Pan OS v8.1, v9.0, v9.1, v10.0, v10.1, v10.2, v11.0) 

Cause


PAN-210440 handled this issue.
The export dialog closes as the user does not have permission to objects/applications.

Resolution


PAN-210440 handled this issue. Engineering found out root cause and created sub-task for each PAN OS fix.
For PAN OS v10.2.x, Fix will be applied to v10.2.5.

Workaround is that if we add additional config [Device > Admin Roles > "testAdmin" > > WebUI > Objects > Applications > Read-only or enabled, we can export security rule with <user1>.
image.png
image.png
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000kGdCCAU&lang=en_US&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail