Prisma Access
Create a Tenant-Level Administrative User
Table of Contents
Create a Tenant-Level Administrative User
Where Can I Use
This? | What Do I Need? |
|---|---|
|
|
You should create an administrative user for
each tenant. In that way, a tenant-level administrator can view
and make changes to their tenant configuration but doesn’t have
access to other tenants. To create an administrative user for a specific
tenant, complete the following task. For more information about
role-based access control (RBAC) for tenant-level administrative
users, see Control Role-Based Access for Tenant-Level Administrative Users.
Users
who manage single tenants cannot see the system logs because the choice
is not available. This limitation applies to all Administrators
who have an administrative role of
Device Group and Template
.
Only superusers can view system logs in multitenancy mode.- Create an administrative role with a type ofDevice Group and Template.
- Select .
- Addan Admin Role Profile with aRoleofDevice Group and Template.
- ClickOK.You can create a single Admin Role Profile and share it across multiple tenants; however, you must create a separate administrator for each tenant.While you tailor the administrative role for the needs of your organization, we recommend deselectingCommit for Other Admins. Deselecting this choice allows a tenant-level user to commit only the changes they have made, and prevents them from unintentionally committing other changes that other tenant-level administrative users have made that are not yet committed.
- Create and configure an Administrator for the tenant.
- Select .
- Addan Administrator.
- Enter and confirm aPasswordfor the new Administrator.
- Specify anAdministrator TypeofDevice Group and Template Admin.
- Specify theAccess Domainthat is associated with the device groups for that tenant.
- Specify theAdmin Rolethat you created in Step 1 for the tenant.
- ClickOK.
- Select andCommityour changes.