>
    Strata Copilot
    Role-Based Access Control in ADEM
    Focus
    Download PDF
    Focus
    1. Home
    2. Autonomous DEM
    3. Role-Based Access Control in ADEM
    Download PDF
    Autonomous DEM

    Role-Based Access Control in ADEM

    Table of Contents

    Role-Based Access Control in ADEM

    Autonomous Digital Experience Management (ADEM) provides role-based access control to IT Administrators by assigning a predefined role.
    Where Can I Use This?What Do I Need?
    • Prisma Access (Managed by Strata Cloud Manager)
    • Prisma Access (Managed by Panorama)
    • Prisma Access license
    • Autonomous DEM license
    Autonomous Digital Experience Management (ADEM) provides role-based access control to IT Administrators by assigning a predefined role. The predefined roles you assign define which features of Autonomous DEM they have full or partial read and write access privileges. Review the table below to understand the predefined roles that grant role-based access to Autonomous DEM. For detailed information about all predefined roles and what other access privileges they grant, review the roles and permissions.
    Custom roles are not supported for Autonomous DEM.
    Predefined Autonomous DEM User RoleDescriptionPrivileges
    ADEM Tier 1 Support
    (For Prisma Access & NGFW Configuration or Prisma SD-WAN)
    		Available only for Prisma Access tenants that have migrated to the Prisma SASE platform. The role is for use with the Prisma Access app and does not include access to other Prisma Access services, dashboards, or Strata Logging Service logs. Provides read-only access to specific incident remediation workflows for only Prisma Access Autonomous Digital Experience Management (ADEM). Assign this role to third-party helpdesk employees, tier 2 and 3 support, or administrators who only need ADEM access.
    • View overall NetSec Health for User, Sites, and Applications
    • View Application Experience dashboard, widgets, and performance data for all monitored applications
    • View the list of existing application tests and their configurations
    • View the Real User Monitoring (RUM) results and data
    • View performance and experience data for all Prisma Access locations
    • View Branch Sites Experience
    • View experience monitoring data specifically from Prisma SD-WAN sites
    • View experience monitoring data specifically from NGFW SD-WAN sites
    • View the current configuration for the RUM plug-in
    • View only access to Canary Upgrade
    • View only access to Access Experience agent management
    • View the current configuration for ADEM Self Serve
    • Threats column is not visible under Insights > Activity Insights > Users > All Users/Hosts table
    • View only access to Prisma Access Incidents, App Acceleration, ADEM specific configuration settings
    ADEM Tier 2 Support
    (For Prisma Access & NGFW Configuration or Prisma SD-WAN)
    		Provides read and write access to specific incident remediation workflows for Prisma Access Autonomous Digital Experience Management (ADEM). This role is for use with the Prisma Access app and does not include access to other Prisma Access services, dashboards, or Strata Logging Service logs. Assign this role for third-party helpdesk employees, tier 2 and 3 support, or administrators who only need ADEM access.
    • Create, edit, delete, enable, and disable ADEM application tests, Application Suites, and manage Real User Monitoring (RUM) results
    • Manage Canary Groups (add/delete users) and Upgrades
    • Delete MU and RN agents
    • Enable/disable monitoring users and sites
    • Enable, disable, and modify the configuration for the browser plug-in
    • Enable, disable, and modify the configuration for Self Serve
    • Read and write query in Access Analyzer
    • View only access to Prisma Access Incidents

    © 2026 Palo Alto Networks, Inc. All rights reserved.