Role Based Access Control in ADEM
| Where Can I Use This? | What Do I Need? |
| Prisma Access (Managed by Strata Cloud Manager); Prisma Access (Managed by Panorama) | Prisma Access license; Autonomous DEM license |
ADEM provides role-based access control for IT administrators.
Administrators who log in with the ADEM Tier 1 Support role get read-only access to the ADEM application only.
To assign the ADEM Tier 1 Support role to an existing user, follow these steps:
- On the bottom left corner of the left pane in the Prisma SASE user interface, click under Common Services.
- Select a tenant in the left pane on the Common Services page.
- Click Add. The Identity Information dialog opens.
- Enter the email address for the user under Identity Address and click Next.
- Select Prisma Access in the Apps & Services menu.
- Select ADEM Tier 1 Support under the Select a Role menu.
- Click Submit.
When administrators sign in with the ADEM Tier 1 Support role, they see only the ADEM application.
ADEM Permissions for the IAM Roles
| IAM Role | ADEM Permissions |
| superuser | read, write |
| view_only_admin | read |
| network_admin | read |
| security_admin | read |
| soc_analyst | read |
| auditor | read |
| tier_1_support | read |
| tier_2_support | read |
| iam_admin | none |
| data_security_admin | none |
| business_admin | none |
| msp_superuser | read, write |
| msp_iam_admin | none |