AI Access Security
Enable Role Based Access to AI Access Security
Enable role-based access to AI Access Security.
Where Can I Use This? | What Do I Need? |
---|---|
|
One of the following:
|
Review the table below to understand the predefined Common Services roles that
grant role-based access to AI Access Security. This information pertains
only to access privileges specific to AI Access Security. For detailed
information about the predefined roles and what other access privileges they grant,
review the Common Services
Roles and Permissions.
Custom roles are not supported.
Predefined AI Access Security Role | Privileges |
---|---|
Data Security admin | Full read and write access privileges for AI Access Security. |
Multitenant Superuser | Full read and write privileges for all available system-wide functions for all tenants in the particular multitenant hierarchy where the role is assigned. |
Security Administrator | Read and write access for AI Access Security. |
Superuser | Full read and write privileges for the tenant, including AI Access Security. In a multitenant hierarchy, the Superuser role is specific to a child tenant and not to the top-level parent tenant or to other child tenants. |
View Only Administrator | Read-only privileges for AI Access Security. |
NGFW and Prisma Access Managed by Strata Cloud Manager
Enable role-based access to AI Access Security for NGFW (Managed by Strata Cloud Manager) and Prisma Access (Managed by Strata Cloud Manager).
- Use one of the various ways to access Identity & Access.
- (New users only) Add Access to your tenant where AI Access Security is active. This step is required only if the user to whom you’re granting AI Access Security access isn’t already registered with the Palo Alto Networks Customer Support Portal (CSP).
- Assign role-based access for AI Access Security. You don’t need to configure a tenant role for a user if access to only Enterprise DLP is required.
- Select User and for the Identity Address, enter the email address for which you granted access in the previous step.
- For Apps & Services, select AI Access Security.
- Select a predefined Common Services Role.
- Add Another to enable additional role-based access to subscriptions for the admin on Strata Cloud Manager. You must click Add Another for each subscription for which you want to enable role-based access. Skip this step if you only want to enable role-based access to AI Access Security.
- Enable role-based access for Prisma Access. This controls which parts of Strata Cloud Manager the admin has access to. For example, if the assigned role privileges do not allow the admin access to Web Security policy rules, then the admin cannot implement policy rules to control access to GenAI apps.
- Enable role-based access for Enterprise Data Loss Prevention (E-DLP). This defines the access privileges to configure Enterprise DLP data patterns and profiles, which define what is considered sensitive data that must be blocked.
- Add Another and enable role-based access for SaaS Security Inline on Strata Cloud Manager. Review the role privileges if you are assigning a predefined role to the admin. Role-based access to SaaS Security Inline can give your admin the privileges to tag and configure the risk score for GenAI apps.
- Enable role-based access for Prisma Access.
- Submit.
NGFW and Prisma Access Managed by Panorama
Enable role-based access to AI Access Security for NGFW (Managed by Panorama) and Prisma Access (Managed by Panorama).
- (Prisma Access) Enable role-based access for Prisma Access (Managed by Panorama). This defines which admins can push configuration changes from Panorama to your Prisma Access tenants.
- (Optional) Enable role-based access for Enterprise Data Loss Prevention (E-DLP) for your NGFW and Prisma Access on Panorama. This defines the access privileges to configure Enterprise DLP data patterns and profiles, which define what is considered sensitive data that must be blocked. Skip this step if you have already configured role-based access to Enterprise DLP or do not want to configure access to Enterprise DLP for the user.
- Assign role-based access for AI Access Security. You don’t need to configure a tenant role for a user if access to only Enterprise DLP is required.
- Select User and for the Identity Address, enter the email address for which you granted access in the previous step.
- For Apps & Services, select AI Access Security.
- Select a predefined Common Services Role.
- Add Another to enable additional role-based access to subscriptions for the admin on Strata Cloud Manager. You must click Add Another for each subscription for which you want to enable role-based access. Skip this step if you only want to enable role-based access to AI Access Security.
- Enable role-based access for Prisma Access. This controls which parts of Strata Cloud Manager the admin has access to. For example, if the assigned role privileges do not allow the admin access to Web Security policy rules, then the admin cannot implement policy rules to control access to GenAI apps.
- Enable role-based access for Enterprise Data Loss Prevention (E-DLP) on Strata Cloud Manager. This defines the access privileges to configure Enterprise DLP data patterns and profiles, which define what is considered sensitive data that must be blocked.
- Add Another and enable role-based access for SaaS Security Inline on Strata Cloud Manager. Review the role privileges if you are assigning a predefined role to the admin. Role-based access to SaaS Security Inline can give your admin the privileges to tag and configure the risk score for GenAI apps.
- Enable role-based access for Prisma Access.
- Submit.