Using Roles to Manage App Access

The roles assigned to your account determine what you are able to do with any given Cortex app.
Roles are used to identify the level of access that any given user has to an app. Some roles are administrative in nature — they allow a user to assign roles to other users — while other roles indicate what level of access a user has for a given app instance. For this latter case, all apps have a standard role called Instance Administrator. But some apps offer additional roles that allow allows for fine-grained control of user access to the app.
Currently, only apps developed by Palo Alto Networks can use custom roles. If an app has implemented granular roles, see that app's product documentation for information about what a user can do when assigned a particular role.
To manage roles, navigate to gearManage Roles.
assign-roles.png
This takes you to the Manage Roles page.
role-management-ui.png

Related Documentation