Configure role-based access for Enterprise Data Loss Prevention (E-DLP) on Strata Cloud Manager.

Strata Cloud Manager supports the following roles to grant access privileges for the Enterprise DLP app specifically.

Predefined Enterprise DLP Role | Privileges |
---|---|
DLP Incident Manager | Read and Write Access — Alerts, Incidents, health and telemetry, reports, and Audit Logs; Read Only Access — Data patterns, profiles, DLP Rules, EDM data sets, OCR setting, and all DLP settings |
DLP Policy Manager | Read and Write Access — Data patterns, profiles, DLP Rules, EDM data sets, OCR setting, health and telemetry, audit logs, alerts, and all DLP settings; No Access — Incidents and reports |
Multitenant Superuser | Full read and write privileges to Enterprise DLP for all tenants in the particular multitenant hierarchy where the role is assigned |
Superuser | Full read and write privileges for Enterprise DLP |
View Only Administrator | Read-only privileges for Enterprise DLP |

- Use one of the various ways to access Identity & Access.
- Add Access to your tenant where Enterprise DLP is active.
  This step is required only if the user for which you’re granting Enterprise DLP access isn’t already registered with the Palo Alto Networks Customer Support Portal (CSP).
- (Optional) Add a custom role through Common Services.
  Custom roles let you define which permissions are enforced for your users and allow more granular access control to Enterprise DLP than predefined roles.
  The access permissions applied to the Data Loss Prevention parent node determine the lowest access privilege you can assign to any of its child nodes. For example, if you want to provide No Access and Read Only to some areas of Enterprise DLP, you must first assign No Access to the Enterprise DLP application.
  Below is an example of a custom Enterprise DLP role. The custom role is configured with no access privileges to Audit Logs or any of the Enterprise DLP settings. However, read-only access is configured for Health & Telemetry and DLP Incidents, and full read and write privileges are configured for Data Profiles, all Detection Methods, Document Types, and DLP Rules.
- Assign role-based access for Enterprise DLP.
  You don’t need to configure a tenant role for a user if access to only Enterprise DLP is required.
  - Select User and for the Identity Address, enter the email address for which you granted access in the previous step.
  - For Apps & Services, select Enterprise DLP.
  - Select a predefined or custom Enterprise DLP Role.
  - Submit.
- Continue based on your Enterprise DLP access privileges.
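
The role table and the parent-node rule for custom roles above, modeled as an added example (not Palo Alto Networks code, and it calls no Strata Cloud Manager API): it picks the predefined role that covers a stated need with the least surplus access, and computes the parent-node setting a custom role requires. The area keys, function names and sample requirement are assumptions made for this sketch.

```python
from enum import IntEnum

class Access(IntEnum):
    NONE = 0    # "No Access"
    READ = 1    # "Read Only"
    WRITE = 2   # "Read and Write"

N, R, W = Access.NONE, Access.READ, Access.WRITE

# Area keys are names assumed for this sketch, taken from the table's wording.
AREAS = ("alerts", "incidents", "health_telemetry", "reports", "audit_logs",
         "data_patterns", "profiles", "dlp_rules", "edm_data_sets",
         "ocr_setting", "dlp_settings")

def _role(default, **overrides):
    return {area: overrides.get(area, default) for area in AREAS}

# Multitenant Superuser is omitted: it differs from Superuser by tenant scope only.
PREDEFINED = {
    "View Only Administrator": _role(R),
    "DLP Incident Manager": _role(R, alerts=W, incidents=W, health_telemetry=W,
                                  reports=W, audit_logs=W),
    "DLP Policy Manager": _role(W, incidents=N, reports=N),
    "Superuser": _role(W),
}

def excess(role_name, needs):
    """Areas where the role grants more than needed: {area: (granted, needed)}."""
    grants = PREDEFINED[role_name]
    return {a: (grants[a], needs.get(a, N))
            for a in AREAS if grants[a] > needs.get(a, N)}

def least_privileged_role(needs):
    """Predefined role that covers every need with the least surplus access."""
    covering = [name for name, grants in PREDEFINED.items()
                if all(grants[a] >= needs.get(a, N) for a in AREAS)]
    # Superuser covers any need, so `covering` is never empty.
    return min(covering, key=lambda name: sum(g - n for g, n in excess(name, needs).values()))

def parent_floor(children):
    """Access to set on the parent node so every child level stays assignable."""
    return min(children.values())

if __name__ == "__main__":
    analyst = {"alerts": W, "incidents": W, "reports": W}  # constructed requirement
    best = least_privileged_role(analyst)
    print(best, "surplus areas:", sorted(excess(best, analyst)))
```

A non-empty `excess()` result for the best predefined role marks the areas a custom role could lock down further.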