Assign a Predefined Role to a Tenant User or Service Account Through Common Services
Table of Contents
Assign a Predefined Role to a Tenant User or Service Account Through Common Services
Learn how to assign a role to a Common Services tenant
user or service account.
Before you can assign a role to a user for
the first time, you must add user access.
Adding a role to a service account is optional. If you already added
users or service accounts and want to add additional roles, you
can also assign a batch of
predefined roles. (Review additional information about roles and
permissions).
- When you add user access or add a service account and you select Next, you are directed to Assign Roles.
- Select an option from Apps & Services. You can select All Apps & Services to give the account full, unrestricted access, or select a specific app or service, such as Prisma Access, to provide more granular access. For more information, read about roles and permissions.
- Select one Role or multiple. For example, you can select Multitenant Superuser for a user who needs access to all functions for all tenants in a multitenant hierarchy.
Any role assigned to a user or service account at the parent level of the hierarchy is inherited by that user at the child level by default. Inherited roles display a lock icon and a hover message that they cannot be deleted.![]()
(Optional) Select i to view further details about the role. If you need more granular information about the privileges, view role permissions.(Optional) Add Another apps, service, or role and repeat as necessary.Submit your changes.
