Edit-Only Role

Users with the Edit-Only role can do the following:

• Edit and save device configurations, including but not limited to objects, policies, rulesets, interfaces, VPN, etc.

• Allow configuration changes that are made through the Read Configuration action.

• Utilize the Change Request Management action.

Edit-Only users cannot do the following:

• Deploy changes to a device or to multiple devices.

• Discard staged changes or changes that are detected through OOB.

• Upload AnyConnect Packages, or configure these settings.

• Schedule or manually start image upgrades for devices.

• Schedule or manually start a security database upgrade.

• Manually switch between Snort 2 and Snort 3 versions.

• Create a template.

• Change the existing OOB Change settings.

• Edit System Management settings.

• Onboard devices.

• Delete devices.

• Delete VPN sessions or user sessions.

• Create CDO user records.

• Change user role.