AI Access Security
Enable Role Based Access to AI Access Security
Table of Contents
Expand All
|
Collapse All
AI Access Security Docs
Enable Role Based Access to AI Access Security
AI Access Security
Enable role-based access to
AI Access Security
.Where Can I Use This? | What Do I Need? |
---|---|
| One of the following:
|
Configure role-based access to
AI Access Security
by assigning a
predefined role to your security administrators. The predefined roles you assign to
your security administrators define which parts of AI Access Security
they have full or partial read and write access privileges. Review the table below
to understand the predefined roles that grant role-based access to AI Access Security
. This information pertains only to access privileges
specific to AI Access Security
. For detailed information about all
predefined roles and what other access privileges they grant, review the Roles and Permissions.Custom roles are not supported.
Predefined AI Access Security Role | Privileges |
---|---|
Data Security admin | Full read and write access privileges for AI Access Security . |
Multitenant Superuser | Full read and write privileges for all available system-wide
functions for all tenants in the particular multitenant
hierarchy where the role is assigned. |
Security Administrator | Read and write access for AI Access Security . |
Superuser | Full read and write privileges for the tenant, including AI Access Security . In a multitenant hierarchy, the Superuser role is specific to a
child tenant and not
to the top-level parent tenant or to other child tenants. |
View Only Administrator | Read-only privileges for AI Access Security |
Enable Role Based Access for AI Access Security (NGFW Managed
by Panorama)
AI Access Security
(NGFW
Managed
by Panorama
)Enable role-based access to
AI Access Security
for NGFW (Managed by Panorama)
.- Administrator accounts specify authentication and admin role privileges for aPanoramaadmin. A custom admin role allows granular customized access privileges for thePanoramaadmin. For example, if the assigned role privilege does not allow the admin access to Security policy rules then the admin can't implement policy rules to control access to GenAI apps.
- Enable role-based access forEnterprise Data Loss Prevention (E-DLP).This defines the access privileges to configureEnterprise DLPdata patterns and profiles that define what is considered sensitive data that must be blocked. Skip this step if you have already configured role-based access toEnterprise DLPor don't want to configure access toEnterprise DLPfor the user.
- Assign role-based access forAI Access Security.
- SelectUserand for theIdentity Address, enter the email address for which you granted access in the previous step.
- ForApps & Services, select.AI Access Security
- Select a predefinedCommon ServicesRole.
- Submit.
Enable Role Based Access for AI Access Security (Prisma Access Managed by
Panorama)
AI Access Security
(Prisma Access
Managed by
Panorama
)Enable role-based access to
AI Access Security
for Prisma Access (Managed by Panorama)
.- Administrator accounts specify authentication and admin role privileges for aPanoramaadmin. A custom admin role allows granular customized access privileges for thePanoramaadmin. For example, if the assigned role privilege does not allow the admin access to Security policy rules then the admin can't implement policy rules to control access to GenAI apps.
- Enable role-based access forPrisma Access.This defines which admins can push configuration changes fromPanoramato yourPrisma Accesstenants.
- Enable role-based access forEnterprise Data Loss Prevention (E-DLP).This defines the access privileges to configureEnterprise DLPdata patterns and profiles that define what is considered sensitive data that must be blocked. Skip this step if you have already configured role-based access toEnterprise DLPor don't want to configure access toEnterprise DLPfor the user.
- Assign role-based access forAI Access Security.
- SelectUserand for theIdentity Address, enter the email address for which you granted access in the previous step.
- ForApps & Services, select.AI Access Security
- Select a predefinedCommon ServicesRole.
- Submit.
Enable Role Based Access for AI Access Security (NGFW Managed
by Strata Cloud Manager)
AI Access Security
(NGFW
Managed
by Strata Cloud Manager
)Enable role-based access to
AI Access Security
for NGFW (Managed by Strata Cloud Manager)
.- Use one of the various ways to accessIdentity & Access.
- This step is required only if the user for which you’re grantingAI Access Securityaccess isn't already registered with the Palo Alto Networks Customer Support Portal (CSP).
- Assign role-based access forAI Access Security.You don't need to configure a tenant role for a user if access to onlyEnterprise DLPis required.
- SelectUserand for theIdentity Address, enter the email address for which you granted access in the previous step.
- ForApps & Services, select.AI Access Security
- Select a predefinedCommon ServicesRole.
- Add Anotherto enable additional role-based access to subscriptions for the admin onStrata Cloud Manager.ClickAdd Anotherfor each subscription you want to enable role-based access. Skip this step if you only want to enable role-based access toAI Access Security.
- Enable role-based access forAIOps for NGFW.This controls which parts ofStrata Cloud Managerthe admin has access to. For example, if the assigned role privilege does not allow the admin access to Web Security policy rules then the admin can't implement policy rules to control access to GenAI apps.
- Enable role-based access forEnterprise Data Loss Prevention (E-DLP).This defines the access privileges to configureEnterprise DLPdata patterns and profiles that define what is considered sensitive data that must be blocked.
- Enable role-based access forSaaS Security Inlineif the license is active.Review the role privileges if you're assigning a predefined role to the admin. Role-based access toSaaS Security Inlinecan give your admin the privileges to tag and configure the risk score for GenAI apps.
- Submit.
Enable Role Based Access for AI Access Security (Prisma Access Managed by
Strata Cloud Manager)
AI Access Security
(Prisma Access
Managed by
Strata Cloud Manager
)Enable role-based access to
AI Access Security
for Prisma Access (Managed by Strata Cloud Manager)
.- Use one of the various ways to accessIdentity & Access.
- This step is required only if the user for which you’re grantingAI Access Securityaccess isn't already registered with the Palo Alto Networks Customer Support Portal (CSP).
- Assign role-based access forAI Access Security.You don't need to configure a tenant role for a user if access to onlyEnterprise DLPis required.
- SelectUserand for theIdentity Address, enter the email address for which you granted access in the previous step.
- ForApps & Services, select.AI Access Security
- Select a predefinedCommon ServicesRole.
- Add Anotherto enable additional role-based access to subscriptions for the admin onStrata Cloud Manager.ClickAdd Anotherfor each subscription you want to enable role-based access. Skip this step if you only want to enable role-based access toAI Access Security.
- Enable role-based access forPrisma Access.This controls which parts ofStrata Cloud Managerthe admin has access to. For example, if the assigned role privilege does not allow the admin access to Web Security policy rules then the admin can't implement policy rules to control access to GenAI apps.
- Enable role-based access forEnterprise Data Loss Prevention (E-DLP).This defines the access privileges to configureEnterprise DLPdata patterns and profiles that define what is considered sensitive data that must be blocked.
- Enable role-based access forSaaS Security Inlineif the license is active.Review the role privileges if you're assigning a predefined role to the admin. Role-based access toSaaS Security Inlinecan give your admin the privileges to tag and configure the risk score for GenAI apps.
- Submit.