>
    Manage: Scope Management
    Focus
    Download PDF
    Focus
    1. Home
    2. Strata Cloud Manager
    3. Manage: Access Control
    4. Manage: Scope Management
    Download PDF
    Strata Cloud Manager

    Manage: Scope Management

    Table of Contents

    Manage: Scope Management

    Specify which administrators can access specific folders, firewalls,
    Prisma Access
     deployments, and snippet configurations.
    Where Can I Use This?
    What Do I Need?
    • Prisma Access (Managed by Strata Cloud Manager)
    • NGFW (Managed by Strata Cloud Manager)
    • AIOps for NGFW Premium
       license
      or
      Prisma Access
       license
    Configure scope management to enforce custom role-based access control. This allows you to specify which
    Strata Cloud Manager
     administrators can access and modify specific folders, firewalls,
    Prisma Access
     deployments, and snippet configurations. Defining the scope management for your cloud admins ensures they aren’t overprovisioned and defines the read and writing access privileges for the selected folders, firewalls,
    Prisma Access
    deployments, and snippet configurations. The Common Services Multiple Platform and Enterprise Roles are used to define the read and write access privileges for a
    Strata Cloud Manager
     admin.
    The Scope management configuration is defined across your entire
    Strata Cloud Manager
     tenant. Scope management can’t be defined for a specific folder,
    Prisma Access
    , or firewall Configuration Scope.
    Only a Cloud Management administrator or a superuser can create a scope object. The Scope Management widget is not available for users with other roles.
    1. Log in to
      Strata Cloud Manager
      .
    2. Select
      Manage
      Access Control
      Scope Management
      .
    3. Create New Scope
      .
    4. Define the Scope Management configuration.
      Scope Management configurations are labeled as a
      scope object
      .
      1. Enter a descriptive
        Name
        .
      2. Select
        Folders
         and check (enable) the folders, firewalls, and
        Prisma Access
         deployments you want to include in the scope.
        Selecting a firewall also includes the folder that the selected firewall is associated with in the scope management configuration. Only the immediately associated folder is included, and not the parent folder.
      3. Select
        Snippets
         and check (enable) the snippets you want to include.
      4. Add
         the scope object.
    5. Apply the scope management configuration to
      Strata Cloud Manager
       admins.
      1. Assign Users
         to the Scope Object you created in the previous step.
      2. Select a
        Role
         for the
        Strata Cloud Manager
         admin. For example, you can select MSP Superuser for a user who needs access to all functions for all tenants.
        Default is
        None
        . See the Common Services Multiple Platform and Enterprise Roles for more information about the read and write access privileges for each available Role.
        Select a specific
        Strata Cloud Manager
         admin and
        Clear Role
         to remove the currently assigned Common Services role. This applies the default
        None
         role to the admin.
      3. To modify an existing scope to edit the name, and to add or remove folders, select the scope object, modify the scope as needed, and
        Update
         the scope.
      4. To modify the assigned users, to add more users or change the users, click
        Assigned Users
         and modify as needed, and
        Close
         the window.

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.