Manage Roles
Cortex XDR enables you to manage roles in the Access
Management console.
You
can manage roles for a specific tenant only using the
Cortex
XDR
Access Management
console.In
the
Roles
page, Cortex
XDR
lists the Predefined User Roles for Cortex XDR and custom
defined roles. Use roles to assign specific view and action access
privileges to administrative user accounts. The way you configure
administrative access depends on the security requirements of your
organization. The built-in roles provide specific access rights
that cannot be changed. The roles you create provide more granular
access control.The
following is a description of the different columns in the Roles
table.
- Role Name—Name of the role.
- Created By—Displays either the email address of the user who created a custom role or for predefined roles one of the following options are displayed.
Palo Alto Networks—Predefined role granting user permissions in all tenants.
<user email address> —Custom role created in the gateway granting user permission to this tenant.
<user email address> —Custom role created in theCortexXDRapp granting user permission to this specific tenant.
- Description—Description of the role.
- Creation Time—Date and time when the role was created. The field is available for only a custom role.
- Update Date—Date and time of when the role was last updated. The field is available for only a custom role.
- Custom—Displays a boolean value of eitherYesorNoto indicate whether the role is a custom role.
When
creating a
New Role
or editing an existing
role, you can manage roles for all Cortex
XDR
apps and services in the Components
tab
of the Create Role
window. Role permissions
for the various Cortex
XDR
components are listed
according to the sidebar navigation in Cortex
XDR
. By assigning roles, you enforce the separation of viewing
access and initiating actions among functional or regional areas
of your organization. - Select .
- Manage yourCortexXDRroles.CortexXDRonly displays the roles available on your tenant. To view the roles and permissions for multiple tenants, see Permission Management.In theRolestable, the following options are available to help you manage roles.
- Create a custom role based on Cortex XDR Predefined roles.
- Locate the predefined role that you want to base your custom role on, right-click, and selectSave As New Role.
- Specify aRole Nameand update theDescription.
- In theComponentstab, where the components are listed according to the sidebar navigation inCortexXDR, update the role permissions for eachCortexXDRcomponent toNone,View, orView/Edit. Some components have an additional actions level to define.
- Createthe role.
- Create and save new roles based on the granular permission.
- SelectNew Role.
- Specify aRole NameandDescription.
- In theComponentstab, where the components are listed according to the sidebar navigation inCortexXDR, update the role permissions for eachCortexXDRcomponent toNone,View, orView/Edit. Some components have an additional actions level to define.
- Createthe role.
- Edit role permissions (only available for roles created in the tenant).
- Locate the custom role you want to edit, right-click, and selectEdit Role.
- In theComponentstab of theEdit Rolewindow, where the components are listed according to the sidebar navigation inCortexXDR, update the role permissions for eachCortexXDRcomponent toNone,View, orView/Edit. Some components have an additional actions level to define.
- Editthe role.
