>
    Strata Copilot
    Enable Role Based Access to Advanced IP Defense
    Focus
    Download PDF
    Focus
    1. Home
    2. Advanced IP Defense
    3. Enable Role Based Access to Advanced IP Defense
    Download PDF
    Advanced IP Defense

    Enable Role Based Access to Advanced IP Defense

    Table of Contents

    Enable Role Based Access to Advanced IP Defense

    Configure role-based access to Advanced IP Defense by assigning predefined or custom roles to your security administrators.
    Where Can I Use This?What Do I Need?
    • NGFW (Managed by Strata Cloud Manager)
    • NGFW (Managed by PAN-OS or the Panorama® management server)
    • VM-Series
    • Cloud NGFW for AWS
    • Cloud NGFW on Azure
    • Prisma Access
    • Advanced IP Defense license
    • PAN-OS 12.2 and later
    Configure role-based access to Advanced IP Defense to control which security administrators can view and modify Advanced IP Defense profiles, zones, and logs. The predefined roles you assign define which parts of Advanced IP Defense each administrator can access. For detailed information about all predefined roles and their complete access privileges, review the Roles and Permissions.
    Predefined Role
    Privileges
    Superuser
    Full read and write privileges for the tenant, including Advanced IP Defense profile configuration, zone attachment, and log access.
    Security Administrator
    Read and write access for Advanced IP Defense profile configuration and zone attachment.
    Multitenant Superuser
    Full read and write privileges for all available system-wide functions, including Advanced IP Defense, for all tenants in the multitenant hierarchy where the role is assigned.
    View Only Administrator
    Read-only privileges for Advanced IP Defense profiles, zone configurations, and logs.

    © 2026 Palo Alto Networks, Inc. All rights reserved.