FedRAMP
Role Based Access Control in ADEM
Table of Contents
Role Based Access Control in ADEM
Where Can I Use This? | What Do I Need? |
|---|---|
|
|
ADEM provides role-based access control to the IT Administrators.
Administrators who log in with ADEM Tier 1 Support role get read-only access to the ADEM
application only.
The ADEM Tier 1 Support role is available only for Prisma Access tenants that have
migrated to the Prisma SASE
platform.
To assign the ADEM Tier 1 Support role to an existing user, follow these steps:
- On the bottom left corner of the left pane in the Prisma SASE user interface, click underCommon Services.
![]()
- Select a tenant in the left pane on theCommon Servicespage.
![]()
- ClickAdd. TheIdentity Informationdialog opens.
![]()
- Enter the email address for the user underIdentity Addressand clickNext.
- SelectPrisma Accessin theApps & Servicesmenu.
![]()
- SelectADEM Tier 1 Supportunder theSelect a Rolemenu.
- ClickSubmit.
When Administrators sign in as ADEM Tier 1 Support role, they see the ADEM application
only as follows:
For details on Role-Based Access Control, refer to the documentation on Identity & Access and Manage Identity and Access Through the Prisma SASE
Platform.
ADEM Permissions for the IAM Roles
IAM Role | ADEM Permissions |
|---|---|
superuser | read, write |
view_only_admin | read |
network_admin | read |
security_admin | read |
soc_analyst | read |
auditor | read |
tier_1_support | read |
tier_2_support | read |
iam_admin | none |
data_security_admin | none |
business_admin | none |
msp_superuser | read, write |
msp_iam_admin | none |