Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Understanding Roles in Security Director

 

Roles define the functionality or tasks that a user can perform in Junos Space, and they enable you to segregate users based on the functionality that they are allowed to access. You do this by assigning a different set of roles to various user accounts (in the case of local user accounts created in Junos Space) or to remote profiles to be used for remote authorization. When a user logs in to Junos Space, the tasks that they can perform are determined by the roles that have been assigned to that particular user account.

There are two types of roles: predefined roles, which are created by Junos Space, and user-defined (customized) roles, which must be created manually. The list of predefined user roles that Junos Space Security Director supports is available on the Roles page (select Administration > Users & Roles > Roles).

Roles can only be created by users who are assigned the User Administrator or Super Administrator or by a user with the Create Role permission.

The following predefined roles are available for Security Director users:

Security AnalystHas access to either all the device management tasks or only those device management sub-tasks to which the analyst role is mapped. These users can also view the security director device and read log collector information.
Security ArchitectHas access to either all the device management tasks or only those device management sub-tasks to which the analyst role is mapped. These users can also download and install signatures, and create, view, delete, export and publish policies.
Security Director Change Control Approver A user who has access permission to approve CRs from a requester. For example, a senior administrator or manager can act as an approver, after which a firewall administrator, acting as the requester, can update the changes to the appropriate firewall or NAT policy.
Security Director Change Control RequesterA user who has access permission to make changes to designated policies, submit them for approval, and once approved, update them to the network. For example, an administrator, who provides the required information about the change to the firewall or NAT policy.
Security Operator Read OnlyHas access to view all firewall policies and alerts definitions and has access to edit and view dashboards.