Customizing Access Levels per Web Page

The Customize Access Level table lets you configure up to 100 customized access rules. These rules assign read-write (view and configure) or read-only (view) privileges to management user levels (Monitor, Administrator, or Security Administrator) per page in the device's Web interface. These rules override the default read-write and read-only privileges of these user levels (as described in Configuring Management User Accounts). Whatever user level is specified, the rule applies to that level and all levels that are higher than that level (Security Administrator is the highest user level and Monitor is the lowest user level). If you attempt to open a page for which you don't have access privileges, the page displays the message "Your access level doesn't allow you to view this page".

For security reasons, some pages (e.g., the TLS Contexts page) cannot be customized in this table.

The following table provides a few configuration examples to facilitate your understanding of assigning read-write and read-only privileges to user levels per Web page.

Page Name

Read-Write
Access Level

Read-Only
Access Level

Description

CLI Settings

Monitor

Monitor

Assigns read-write (and read-only) privileges to Monitor users for the CLI Settings page. As this is the lowest user level, it means that all higher user levels (i.e., Administrator and Security Administrator) are also assigned full read-write privileges.

Firewall

Security Administrator

Monitor

Assigns read-write privileges to Security Administrator users for the Firewall page. As this is the highest user level, only Security Administrator users have write privileges for this page. In addition, as this rule assigns read-only privileges to Monitor users, which is the lowest user level, all higher user levels (i.e., Administrator and Security Administrator) are also assigned read-only privileges.

TLS Contexts

Security Administrator

Security Administrator

Assigns read-write privileges to Security Administrator users for the TLS Contexts page. As this is the highest user level, no other user level can access (read) or configure (write) this page.

The following procedure describes how to configure customized access level rules through the Web interface. You can also configure it through ini file [WebPagesAccessLevel].

To customize access levels:
1. Open the Customize Access Level table (Setup menu > Administration tab > Web & CLI folder > Customize Access Level).
2. Click New; the following dialog box is displayed:

3. Configure the rule according to the parameters described in the table below.
4. Click Apply, and then save your settings to flash memory.

Customize Access Level Table Parameter Descriptions

Parameter

Description

'Index'

[Index]

Defines an index number for the new table row.

Note: Each row must be configured with a unique index.

'Page Name'

[PageNameFromTree]

Defines the Web page whose access level you want to customize.

Note: For security reasons, some pages are not listed under this parameter and therefore, cannot be customized.

'Read-Write Access Level'

[RWAccessLevel]

Defines the minimum user level to which you want to assign read-write access privileges for the selected Web page.

[50] Monitor
[100] Administrator (default)
[200] Security Administrator

'Read-Only Access Level'

[ROAccessLevel]

Defines the minimum user level to which you want to assign read-only access privileges for the selected Web page.

[50] Monitor (default)
[100] Administrator
[200] Security Administrator

Note: The user level must be the same or lower than the user level you configured in the 'Read-Write Access Level' parameter. For example, you cannot assign read-only privileges to the Security Administrator if you have assigned read-write privileges to the Administrator.