Cortex XDR enables you to manage roles and permissions for a single tenant or a number of tenants at the same time using the Permission Management console.
You can manage roles and permissions for a single tenant or a number of tenants at the same time using the
Permission Managementconsole, which is accessible via the Cortex Gateway. The
Permission Managementconsole is used for first time activations. To create and assign roles, you must first activate your
XDRtenant and be assigned a XDR Account Admin role in the
Permission Managementconsole is divided into two subcategories,
Roles, which you can view on separate pages.
XDRlists all the users allocated to a specific Customer Support Portal (CSP) account and tenant name. If a user is not listed, ensure that the user is added in the Customer Support Portal. The
Permissionstable provides different fields of information as detailed below. You can select whether to
Show User Subsetto display only the users who are not designated as a
Hiddenuser (default). For example, this is useful when you have users, who are not related to
XDRand will not be designated with a
XDRrole, such as CSP Super Users, and you want to hide them from the list. You can also select whether to
- Tenant—Name of the tenant the user has permission to access. Next to the user name, expand ( ) to view the tenant name.
- Direct XDR Role—Name of the role assigned specifically to the user that is not inherited from somewhere else, such as a User Group. Next to the user name, expand ( ) to view the role assigned per tenant, if the user does not have anyCortexXDRaccess permission that are assigned specifically to them, the field displaysNo-Role.
- Groups—Lists the groups that a user belongs to, where any group imported from Active Directory has the lettersADadded beside the group name.
- Group Roles—Lists the different group roles based on the groups the user belongs to. When you hover over the group role, the group associated with this role is displayed.
- Last Login Time—Last date and time the user accessed the tenant.
- Status—Displays whether the user isActiveorInactive.
XDRlists the Predefined User Roles for Cortex XDR and custom defined roles. Use roles to assign specific view and action access privileges to administrative user accounts. The way you configure administrative access depends on the security requirements of your organization. The built-in roles provide specific access rights that cannot be changed. The roles you create provide more granular access control.
Rolestable provides the following fields of information.
- Role Name—Name of the role.
- Created By—Displays one of the following options depending on whether the role is a custom role created by a user or a predefined role.
- Palo Alto Networks—Predefined role granting user permissions in all tenants.
- <user email address> —Custom role created in theCortexGateway granting user permission in all tenants.
- <user email address> —Custom role created in theCortexXDRapp granting user permission that specific tenant alone.
- Tenant—Name of the tenant the role applies to according to where the role was created;CortexGateway orCortexXDRapp.
- Description—Description of the role.
- Creation Time—Date and time when the role was created. The field is available for only a custom role.
- Modification Time—Date and time of when the role was last updated. The field is available for only a custom role.
- Select.Tenant NavigatorCortex GatewayPermission Management
- Manage yourCortexXDRroles and permissions.If you are managing more than one CSP account, select the account you want to display the available roles. If you only manage one CSP account,CortexXDRonly displays the roles available on your tenant.In theRolestable, the following options are available to help you manage roles.
- Create a custom role based on Cortex XDR Predefined roles.
- Locate the predefined role that you want to base your custom role on, right-click and selectSave As New Role.
- In theCreate Rolewindow, specify aRole Nameand update theDescription.
- Update theViewsandActionspermissions you want the role to include andCreatethe role.
- Create and save new roles based on the granular permission.
- SelectNew Role.
- In theCreate Rolewindow, specify aRole NameandDescription.
- Select theViewsandActionspermissions you want the role to include andCreatethe role.
- Edit role permissions (only available for roles you create).
- Locate the custom role you want to edit, right-click and selectEdit Role.
- In theEdit Rolewindow, update theViewsandActionspermissions you want the role to include andEditthe role.
- Assign roles to aCortexXDRuser.In thePermissionspage, select theAccount Name. The following options are available to help you manage permissions. You can assign roles to one or more users at a time.
- Assign permissions to a user that does not have a role.
- Hover over the user name and select , located to the right of the row, toAdd Permissions.
- In theAdd Permissionswindow, select from the list ofAvailable Tenantsfor which you want to grant permissions.
- Select a role from either theDefault RolesorCustom Rolesyou want to assign the user andAddthe role to the user.
- Update permission for users with an exiting role.
- Hover over the user name and select , located to the right of the row, toUpdate Permissions.
- In theUpdate Permissionswindow, select a role from either theDefault RolesorCustom Rolesyou want to assign the user andUpdatethe role.
- Deactivate a user.Locate the user you want to deactivate, right-click, and selectDeactivate User.
- Designate a user as hidden.Locate the user you want to hide, right-click, and selectHide User. When a user is designated as hidden, the user will no longer be displayed in thePermissionstable when the table is configured toShow User Subset(default configuration).
- Manage User Scope
Recommended For You
Recommended videos not found.