Cisco Catalyst SD-WAN Policy Groups Configuration Guide, Releases 26.x and Later

Enable RBAC for NGFW policy

Configure role-based access control (RBAC) to provide read and write permissions for security policy groups and feature profiles.


Follow these steps to enable RBAC for NGFW policy:

To create a policy group and security feature profiles using configuration groups, the user group must have RBAC read and write permissions on the following feature profiles; each permission controls access to the corresponding feature. Set the permissions of the user group to enable access to policy groups from Configuration > Policy Groups.

Procedure

1. From the Cisco SD-WAN Manager menu, choose Administration > Manage Users > User Groups.

2. Click Add User Group.

3. Enter User Group Name.

4. Check a Read or Write check box for the Policy Group, Device and Deploy feature that you want to assign to a user group.

5. Check a Read or Write check box for the following features that you want to assign to a user group:

  • Feature Profile > DNS Security > DNS Policy

  • Feature Profile > Sig Security > Sig Policy

  • Feature Profile > NGFW > Legacy Policy

  • Feature Profile > NGFW > NGFirewall

  • Feature Profile > NGFW > Policy

  • Feature Profile > Policy Object > Advanced Inspection Profile

    The Advanced Inspection Profile has the following subfeature profiles:

    • Advanced Malware Protection

    • Intrusion Prevention

    • SSL Decryption

    • SSL Decryption Profile

    • URL Filtering

6. Click Add.