Device access
Device access profiles define role-based permissions for administrators who manage the firewall using the web admin console or API. These profiles can grant permissions from full access to feature-specific permissions.
The firewall offers some default profiles for common roles. You can't edit these. However, you can create and edit custom profiles.
To edit or see a profile's permissions, click Edit 
.
Administrator profile
Administrators with this profile have full access to the web admin console and CLI. They can send all types of API requests and create custom administrators.
The default admin account has the permissions of the Administrator profile. You can assign this profile to other administrators.
Other default profiles
Administrators with these profiles have read-write permissions for some configurations.
| Profile | Description |
|---|---|
| Administrator | Super administrator with full privileges. Profile of the default admin. Can create administrators with restricted or full privileges. |
| Audit admin | Has read-write privileges to logs and reports. |
| Crypto admin | Has read-write privileges to configure security certificates. |
| HAProfile | Has read-only privileges to the auxiliary device, if high availability is configured. |
| Security admin | Has read-write privileges to all features, except profiles, logs, and reports. |
Tip
To delete a profile, make sure that it isn't assigned to an administrator.
Permissions
You can assign the following permissions for the configurations listed:
- None
- Read-only
- Read-write
Note
Administrators with permissions set to None can't see the configurations on the web admin console or get them through the API.