PAN Resource Names
Table of Contents
Expand all | Collapse all
-
- Add an Identity Federation
- Manually Configure a SAML Identity Provider
- Upload SAML Identity Provider Metadata
- Get the URL of a SAML Identity Provider
- Clone SAML Identity Provider Configuration
- Add an Identity Federation Owner
- Delete an Identity Federation Owner
- Configure Palo Alto Networks as a Service Provider
- Delete an Identity Federation
- Map a Tenant for Authorization
- Update Tenant Mapping for Authorization
- PAN Resource Name Mapping Properties
PAN Resource Names
Learn how to use access policy resource names for tenant mapping through the
Common Services
. When assigning an access policy to a user or a service account (such as in mapping a tenant for SAML authorization purposes), the PAN Resource Name
identifies the tenant or tenant service group (TSG) hierarchy where you are applying
access policies.
Properties for Predefined Roles
The properties available for assigning an access policy with a predefined role
follow:
Property | Description | Required |
---|---|---|
predefined_role_name | The role name as listed in all roles, not as displayed in the
UI label. | Required |
prn | Property resource name. Must be "prn". | Required |
tsg_id | The tenant service group ID as displayed in the UI. | Required |
app_id | See the documentation for specific apps. | Optional |
region | Reserved | Reserved |
instance | Reserved | Reserved |
resource_scope | Reserved | Reserved |
Use the properties in the following format:
<predefined_role_name>@prn:<TSG_ID>:<app_id>:<region>:<instance>:<resource_scope>
Example:
superuser@prn:1234567890::::
Properties for Custom Roles
The properties available for assigning an access policy with a custom role
follow:
Property | Description | Required |
---|---|---|
custom_role_id | The role ID as displayed in the Custom Role ID
column in the format of
name:number . | Required |
prn | Property resource name. Must be "prn". | Required |
tsg_id | The tenant service group ID as displayed in the UI. | Required |
app_id | See the documentation for specific apps. | Optional |
region | Reserved | Reserved |
instance | Reserved | Reserved |
resource_scope | Reserved | Reserved |
Use the properties in the following format:
<custom_role_ID>@prn:<TSG_ID>:<app_id>:<region>:<instance>:<resource_scope>
Example:
role:0987654321@prn:1234567890::::