Access rights for administrators
Description
What are the access rights available for the different administrator and which zone(s) can they login from?
Resolution for SonicOS 7.X
This release includes significant user interface changes and many new features that are different from the SonicOS 6.5 and earlier firmware. The below resolution is for customers using SonicOS 7.X firmware.
SonicWall appliance provides a default build-in administrator account (Username: admin; Password: password ). When logging in the firewall with this default account and navigate to Device | Users | Local Users & Groups page, you can see another four administrators groups (SonicWall Administrators, Limited Administrators, SonicWall Read-Only Admins and Guest Administrators).
These five administrators can be classified into four configuration modes (Full Admin, Read-only Admin, Limited Admin, Guest Admin).
- Build-in Administrator : Full admin
- SonicWall Administrator: Full admin
- Limited Administrator: Limited Admin
- SonicWall Read-Only Admin: Read-Only Admin
- Guest Administrators: Guest Admin (Guest management only)
Which zone(s) can these administrators access from?
| Zone | Full admin | Limited Admin | Read-Only Admin | Guest Admin |
| WAN | X | X | X | |
| LAN | X | X | X | X |
| DMZ | X | X | X | X |
| WLAN | X | X | X | X |
| VPN | X | X | X | X |
| SSLVPN | X | X | X | X |
What are the access rights available for the different administrator?
| Function | Full Admin in config mode | Full Admin in non-config mode | Read-only Admin | Limited Admin | Guest Admin |
| Import certificates | X | ||||
| Generate certificate sign- ing requests | X | ||||
| Export certificates | X | ||||
| Export appliance settings | X | X | X | ||
| Download TSR | X | X | X | ||
| Use other diagnostics | X | X | X | ||
| Configure network | X | X | |||
| Flush ARP cache | X | X | X | ||
| Setup DHCP Server | X | ||||
| Renegotiate VPN tunnels | X | X | |||
| Log users off | X | X | X guest users only | X guest users only | |
| Unlock locked-out users | X | X | |||
| Clear log | X | X | X | ||
| Filter logs | X | X | X | X | |
| Export log | X | X | X | X | |
| Email log | X | X | X | ||
| Configure log categories | X | X | X | ||
| Configure log settings | X | X | |||
| Generate log reports | X | X | X | ||
| Browse the full UI | X | X | X | ||
| Generate log reports | X | X | X | ||
| Using CLI | X | X |
NOTE: This table does not include all functions available to limited administrators,Guest admin can only browse and manage guest related functions.
TIP: Non-configuration mode can be entered when another administrator is already in configuration mode and the new administrator chooses not to preempt the existing administrator.
Priority for preempting administrators?
- The build-in admin and SonicWall global management system (GMS) both have the highest priority and can preempt any users.
- A user that is a member of the SonicWall administrators (Full admin) can preempt any users except for the build-in admin and SonicWall GMS.
- A user that is a member of the Limited Administrators can only preempt other members of the Limited Administrators group
Resolution for SonicOS 6.5
This release includes significant user interface changes and many new features that are different from the SonicOS 6.2 and earlier firmware. The below resolution is for customers using SonicOS 6.5 firmware.
SonicWall appliance provides a default build-in administrator account (Username: admin; Password: password ). When logging in the firewall with this default account and navigate to Manage | Users | Local Users & Groups page, you can see another four administrators groups (SonicWall Administrators, Limited Administrators, SonicWall Read-Only Admins and Guest Administrators).
These five administrators can be classified into four configuration modes (Full Admin, Read-only Admin, Limited Admin, Guest Admin).
- Build-in Administrator : Full admin
- SonicWall Administrator: Full admin
- Limited Administrator: Limited Admin
- SonicWall Read-Only Admin: Read-Only Admin
- Guest Administrators: Guest Admin (Guest management only)
Which zone(s) can these administrators access from?
| Zone | Full admin | Limited Admin | Read-Only Admin | Guest Admin |
| WAN | X | X | X | |
| LAN | X | X | X | X |
| DMZ | X | X | X | X |
| WLAN | X | X | X | X |
| VPN | X | X | X | X |
| SSLVPN | X | X | X | X |
What are the access rights available for the different administrator?
| Function | Full Admin in config mode | Full Admin in non-config mode | Read-only Admin | Limited Admin | Guest Admin |
| Import certificates | X | ||||
| Generate certificate sign- ing requests | X | ||||
| Export certificates | X | ||||
| Export appliance settings | X | X | X | ||
| Download TSR | X | X | X | ||
| Use other diagnostics | X | X | X | ||
| Configure network | X | X | |||
| Flush ARP cache | X | X | X | ||
| Setup DHCP Server | X | ||||
| Renegotiate VPN tunnels | X | X | |||
| Log users off | X | X | X guest users only | X guest users only | |
| Unlock locked-out users | X | X | |||
| Clear log | X | X | X | ||
| Filter logs | X | X | X | X | |
| Export log | X | X | X | X | |
| Email log | X | X | X | ||
| Configure log categories | X | X | X | ||
| Configure log settings | X | X | |||
| Generate log reports | X | X | X | ||
| Browse the full UI | X | X | X | ||
| Generate log reports | X | X | X | ||
| Using CLI | X | X |
NOTE: This table does not include all functions available to limited administrators,Guest admin can only browse and manage guest related functions.
TIP: Non-configuration mode can be entered when another administrator is already in configuration mode and the new administrator chooses not to preempt the existing administrator.
Priority for preempting administrators?
- The build-in admin and SonicWall global management system (GMS) both have the highest priority and can preempt any users.
- A user that is a member of the SonicWall administrators (Full admin) can preempt any users except for the build-in admin and SonicWall GMS.
- A user that is a member of the Limited Administrators can only preempt other members of the Limited Administrators group