>
    Enable Role Based to AI Access Security
    Focus
    Download PDF
    Focus
    1. Home
    2. AI Access Security
    3. Enable Role Based to AI Access Security
    Download PDF
    AI Access Security

    Enable Role Based to AI Access Security

    Table of Contents

    Enable Role Based to
    AI Access Security

    Enable role-based access to
    AI Access Security
    .
    Where Can I Use This?
    What Do I Need?
    • NGFW (Managed by Panorama or Strata Cloud Manager)
    • Prisma Access (Managed by Panorama or Strata Cloud Manager)
    One of the following:
    • AI Access Security
       license
    • CASB-PA license
    • CASB-X
       license
    Review the table below to understand the predefined
    Common Services
     roles that grant role-based access to
    AI Access Security
    . This information pertains only to access privileges specific to
    AI Access Security
    . For detailed information about the predefined roles and what other access privileges they grant, review the
    Common Services
     Roles and Permissions.
    Custom roles are not supported.
    Predefined
    AI Access Security
     Role
    Privileges
    Data Security admin
    Full read and write access privileges for
    AI Access Security
    .
    Multitenant Superuser
    Full read and write privileges for all available system-wide functions for all tenants in the particular multitenant hierarchy where the role is assigned
    Security Administrator
    Read and write access for
    AI Access Security
    .
    Superuser
    Full read and write privileges for the tenant, including
    AI Access Security
    .
    In a multienant hierarchy, the Superuser role is specific to a child tenant and not to the top-level parent tenant or to other child tenants.
    View Only Administrator
    Read-only privileges for
    AI Access Security

    NGFW
     and
    Prisma Access
     Managed by
    Strata Cloud Manager

    Enable role-based access to
    AI Access Security
     for
    NGFW (Managed by Strata Cloud Manager)
     and
    Prisma Access (Managed by Strata Cloud Manager)
    .
    1. Use one of the various ways to access
      Identity & Access
      .
    2. (
      New users only
      ) Add Access to your tenant where
      AI Access Security
       is active.
      This step is required only if the user for which you’re granting
      AI Access Security
       access isn’t already registered with the Palo Alto Networks Customer Support Portal (CSP).
    3. Assign role-based access for
      AI Access Security
      .
      You don’t need to configuring a tenant role for a user if access to only
      Enterprise DLP
       is required.
      1. Select
        User
         and for the
        Identity Address
        , enter the email address for which you granted access in the previous step.
      2. For
        Apps & Services
        , select
        AI Access Security
        .
      3. Select a predefined
        Common Services
        Role
        .
    4. Add Another
       to enable additional role-based access to subscriptions for the admin on
      Strata Cloud Manager
      .
      You must click
      Add Another
       for each you subscription you want to enable role-based access. Skip this step if you only want to enable role-based access to
      AI Access Security
      .
      1. Enable role-based access for
        Prisma Access
        .
        This controls which parts of
        Strata Cloud Manager
         the admin has access to. For example, if the assigned role privileges does not allow the admin access to Web Security policy rules then the admin cannot implement policy rules to control access to GenAI apps.
      2. Enable role-based access for
        Enterprise Data Loss Prevention (E-DLP)
        .
        This defines the access privileges to configure
        Enterprise DLP
         data patterns and profiles which define is what considered sensitive data that must be blocked.
      3. Add Another
        and enable role-based access for
        SaaS Security Inline
         on
        Strata Cloud Manager
        .
        Review the role privileges if you are assigning a predefined role to the admin. Role based access to
        SaaS Security Inline
         can giver your admin the privileges to tag and configure the risk score for GenAI apps.
    5. Submit
      .

    NGFW
     and
    Prisma Access
     Managed by
    Panorama

    Enable role-based access to
    AI Access Security
     for
    NGFW (Managed by Panorama)
     and
    Prisma Access (Managed by Panorama)
    .
    1. (
      Prisma Access
      ) Enable role-based access for
      Prisma Access (Managed by Panorama)
      .
      This defines which admins can push configuration changes from
      Panorama
       to your
      Prisma Access
       tenants.
    2. (
      Optional
      ) Enable role-based access for
      Enterprise Data Loss Prevention (E-DLP)
       for your
      NGFW
       and
      Prisma Access
       on
      Panorama
      .
      This defines the access privileges to configure
      Enterprise DLP
       data patterns and profiles which define what is considered sensitive data that must be blocked. Skip this step if you have already configured role-based access to
      Enterprise DLP
       or do not want to configure access to
      Enterprise DLP
       for the user.
    3. Assign role-based access for
      AI Access Security
      .
      You don’t need to configuring a tenant role for a user if access to only
      Enterprise DLP
       is required.
      1. Select
        User
         and for the
        Identity Address
        , enter the email address for which you granted access in the previous step.
      2. For
        Apps & Services
        , select
        AI Access Security
        .
      3. Select a predefined
        Common Services
        Role
        .
    4. Add Another
       to enable additional role-based access to subscriptions for the admin on
      Strata Cloud Manager
      .
      You must click
      Add Another
       for each you subscription you want to enable role-based access. Skip this step if you only want to enable role-based access to
      AI Access Security
      .
      1. Enable role-based access for
        Prisma Access
        .
        This controls which parts of
        Strata Cloud Manager
         the admin has access to. For example, if the assigned role privileges does not allow the admin access to Web Security policy rules then the admin cannot implement policy rules to control access to GenAI apps.
      2. Enable role-based access for
        Enterprise Data Loss Prevention (E-DLP)
         on
        Strata Cloud Manager
        .
        This defines the access privileges to configure
        Enterprise DLP
         data patterns and profiles which define is what considered sensitive data that must be blocked.
      3. Add Another
        and enable role-based access for
        SaaS Security Inline
         on
        Strata Cloud Manager
        .
        Review the role privileges if you are assigning a predefined role to the admin. Role based access to
        SaaS Security Inline
         can giver your admin the privileges to tag and configure the risk score for GenAI apps.
    5. Submit
      .

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.