Because you associated the access domain to the device
groups and template stacks for the tenant, the tenant-level administrative
user has RBAC access at the tenant level and is able to perform
configuration for that tenant only. Because you did not associate
the access domain with a tenant in
Prisma Access
, the access domain
is unable to view the Cloud Services plugin, which provides access
to
Prisma Access
. In this way, you create a user who can perform
tenant-level configuration tasks without being able to access, view,
or make configuration changes to
Prisma Access
.