Role-based access control (RBAC) enables you to use roles or specific permissions to assign access rights to administrative users. You can manage roles for all Cortex apps and services in the hub. By assigning roles, you enforce the separation of viewing access and initiating actions among functional or regional areas of your organization. The following options are available to help you manage access rights:
- Create and save new roles based on the granular permission
- Edit role permissions (available for roles you create)
- Assign permissions to users without saving a role
Use roles to assign specific view and action access privileges to administrative user accounts. The way you configure administrative access depends on the security requirements of your organization. The built-in roles provide specific access rights that cannot be changed. The roles you create provide more granular access control.
When your organization purchases Cortex XDR, the Account Administrator can use the Palo Alto Networks hub to assign roles to other members that have accounts in the Customer Support Portal.
To activate Cortex XDR apps, you must be assigned either the Account Administrator or App Administrator role for Cortex XDR. If you are activating a new Cortex Data Lake instance you must also be assigned either administrative role for Cortex Data Lake.
After activation, Account Administrators can assign additional users roles to manage your apps. If the user only needs to manage a specific instance of an app, you can assign the Instance Administrator role.
To assign the roles, Account Administrators (or users that are assigned the App Administrator for the relevant app) can take the following steps:
- If necessary, add a new Customer Support Portal user.To be eligible for role assignment in the hub, the user must have an account in the Customer Support Portal (https://support.paloaltonetworks.com/) and be assigned any of the following Customer Support Portal roles: Super User, Standard User, or Limited User. Skip this step if the user already has a Customer Support Portal account with an appropriate role.
- Manage the level of access for a Cortex XDR user.
- Log in to the hub and select.Access Management
- Use the sidebar to filter users as needed or the search field to search for users.
- Select one or more users and thenAssign Roles.
- In the Assign Roles page for each instance, select one of the following options:
- Assign Permissions—Create a new role or assign selected permissions.
- Cortex XDR Predefined Role—Select one of the predefined Cortex XDR role. SelectRole Definitionsto view a list of the Cortex predefined roles and the allocated views and actions.
- No Role—User is not assigned any view or action access to the Cortex XDR app.
- (Optional) To create a new role:
- After you selectedAssign Permissions, in theAssign Custom Permissionspop-up, select whichIN_APP VIEWSandIN_APP ACTIONSpermissions you want to grant.
- Save As New Roleto create a new role that you can apply to other users, orSaveto apply the selected permissions to the user without a defined role.The new rule is displayed with User Created (UC) icon. Select the role to apply permissions to the user and thenSave.
- (Optional) To edit or clone a user created role:
- Select.Access ManagementManage Roles
- In theManage Roles Cortex XDRpage, find your user created role and selectActions.
- Edit Permissions,Clone, orDeleteyour role, as desired.
Recommended For You
Recommended videos not found.