Predefined User Roles for Cortex® XDR™
From the hub, you can use predefined roles to easily assign user access to Cortex XDR views and actions.
Role-based access control (RBAC) enables you to use predefined Palo Alto Networks roles to assign access rights to Cortex XDR users. You can manage roles for all Cortex apps and services in the Cortex XDR Gateway and Cortex XDR management console. By assigning roles, you enforce the separation of access among functional or regional areas of your organization.
Each role extends specific privileges to users. The way you configure administrative access depends on the security requirements of your organization. Use roles to assign specific access privileges to administrative user accounts. The Palo Alto roles provide specific access rights that cannot be changed, but can be saved as a new role and edited according to your needs.
The following table describes the Palo Alto Networks predefined roles and the view and action privileges associated with each.
Some features are license-dependent. Accordingly, users may not see a specific feature if the feature is not supported by the license type or if they do not have access based on their assigned role.
Manage and control endpoints and installations, and configure broker VMs.
Full access to the app instance for which this role is assigned.
The Instance Administrator can also make other users an Instance Administrator for the app instance. If the app has predefined or custom roles, the Instance Administrator can assign those roles to other users.
The Instance Administrator can only assign permissions to the other user from the Cortex XDR Management Console.
View and triage alerts and incidents.
View and triage alerts and incidents, configure rules, view endpoint profiles and policies, and Analytics management screens.
Manage and control endpoints and installations, configure broker VMs, view endpoint profiles and policies, and view alerts.
View and triage alerts, incidents and rules, and view endpoint profiles and policies, and Analytics management screens.
Privileged IT Admin
Manage and control endpoints and installations, configure brokers, create profiles and policies, view alerts, and initiate Live Terminal.
View and triage alerts and incidents, access all response capabilities, and configure rules, policies, and profiles.
Privileged Security Admin
Triage and investigate alerts and incident, respond, and edit profiles and policies.
View and triage alerts, and access all response capabilities excluding Live Terminal.
Scoped Endpoint Admin
Access only to product areas that support endpoint scoped based access control (SBAC) - Endpoint Administration, Action Center, Response, Dashboards and Reports.
Triage and investigate alerts and incidents, respond (excluding Live Terminal), and edit profiles and policies.
XDR Account Admin
Full access to the given app(s), including all instances added of the app(s) in the future. App Administrator can assign roles for app instances, and it can also activate app instances specific to that app.
Recommended For You
Recommended videos not found.