Strata Cloud Manager

Use one of the various ways to access
Identity & Access
.
Add Access to your tenant where
Enterprise DLP
is active.
This step is required only if the user for which you’re granting
Enterprise DLP
access isn’t already registered with the Palo Alto Networks Customer Support Portal (CSP).
(
Optional
) Add a custom role through Common Services.
You can use custom roles allow to define which permissions are enforced for your users and allow more granular access control to
Enterprise DLP
than predefined roles.
The access permissions applied to the
Data Loss Prevention
parent node determines the lowest access privilege you can assign to any of its child node. For example, if you want provide
No Access
and
Read Only
to some areas of
Enterprise DLP
, you must first assign
No Access
to the
Enterprise DLP
application.
Below is an example of a custom
Enterprise DLP
role. The custom role is configured with no access privileges to Audit Logs or any of the
Enterprise DLP
settings. However, read-only access is configured for the Health & Telemetry and DLP Incidents, and full read and write privileges are configured for Data Profiles, all Detection Methods, Document Types, and DLP Rules.

Assign role-based access for
Enterprise DLP
.
You don’t need to configuring a tenant role for a user if access to only
Enterprise DLP
is required.
Select
User
and for the
Identity Address
, enter the email address for which you granted access in the previous step.
For
Apps & Services
, select
Enterprise DLP
.
Select a predefined or custom
Enterprise DLP
Role
.
Submit
.
Continue based on your
Enterprise DLP
access privileges.
Enable Enterprise DLP on
Strata Cloud Manager
Create Data Patterns
Create Data Profiles
Monitor Enterprise DLP