Role-Based Access Control for Managing and Overriding Security Checks

Learn about the new permissions introduced to manage security checks, security check exceptions, and overriding security checks.
Strata Cloud Manager introduces new permissions to enforce access control for managing security checks, managing security check exceptions, and overriding security check block actions. These permissions offer granular control and enhance security by preventing users from making unauthorized changes to the security checks essential for maintaining compliance. The new permissions are:
  • Manage Security Checks
    Security checks are a set of predefined best practice checks and custom checks that evaluate your configuration and identify deviations.
    To view predefined best practice checks and perform actions such as creating, editing, deleting, or cloning custom checks, you will now need the necessary read and write access for the Manage Security Checks permission.
  • Manage Security Check Exceptions
    Security check exceptions allow you to turn off specific security checks for certain devices in your environment.
    To manage and view the security check exceptions, you will now need the necessary read and write access for the Manage Security Check Exception permission.
  • Override Security Check Block Action
    You can override the security check block action in two ways:
    • When you push the configuration to the firewall, you can choose to ignore security check failures and continue with the push operation.
    • When you create or edit a Security Policy Rule, Strata Cloud Manager validates the rules against existing security checks. If the checks fail, you can choose to override and save the rule.
    To perform either of the above override operations, you will now need read and write access for the Override Security Check Block Action permission.
The following table outlines the predefined roles and the associated new permissions:
Roles: Superuser
Permissions: Includes read and write access for the following permissions:
  • Manage Security Checks
  • Manage Security Check Exception
  • Override Security Check Block Action

Roles: Network Administrator, Security Administrator, View Only Administrator
Permissions: Includes read-only access for the following permissions:
  • Manage Security Checks
  • Manage Security Check Exception
For all other predefined roles, Strata Cloud Manager hides the Security Checks and Security Check Exceptions tabs in the Security Posture Settings. Alternatively, you can create custom roles or edit existing ones and configure the necessary permissions to view, manage, and override security checks.