Permission Management

Cortex® XDR™ enables you to manage roles and permissions for a single tenant or a number of tenants at the same time using the
Permission Management
console.
You can manage roles and permissions for a single tenant or a number of tenants at the same time using the Cortex® XDR™
Permission Management
console, which is accessible via the Cortex XDR Gateway. The
Permission Management
console is used for first time activations. To create and assign roles, you must first activate your Cortex XDR tenant and be assigned a XDR Account Admin role in the Cortex XDR Gateway.
The
Permission Management
console is divided into two subcategories,
Permissions
and
Roles
, which you can view on separate pages.
In the
Permissions
page, Cortex XDR lists all the users allocated to a specific CSP account and tenant name. The
Permissions
table provides different fields of information as detailed below. You can select whether to
Show User Subset
to display only the users who are not designated as a
Hidden
user (default). For example, this is useful when you have users, who are not related to Cortex XDR and will not be designated with a Cortex XDR role, such as CSP Super Users, and you want to hide them from the list. You can also select whether to
View By
Users
(default) or
Tenants
.
  • User Name
    —Displays the first and last name of the user and whether the user is a CSP Super User and Account Admin. If the user is allocated to more than one tenant, expand the user name to display the details for each tenant.
  • Email
    —Email address of the user.
  • Tenant
    —Name of the tenant the user has permission to access. Next to the user name, expand ( ) to view the tenant name.
  • XDR Role
    —Name of the role assigned to the user. Next to the user name, expand ( ) to view the role assigned per tenant, if the user does not have any Cortex XDR access permission, the field displays
    No-Role
    .
  • Last Login Time
    —Last date and time the user accessed the tenant.
  • Status
    —Displays whether the user is
    Active
    or
    Inactive
    .
In the
Roles
page, Cortex XDR lists the Predefined User Roles for Cortex® XDR™ and custom defined roles. Use roles to assign specific view and action access privileges to administrative user accounts. The way you configure administrative access depends on the security requirements of your organization. The built-in roles provide specific access rights that cannot be changed. The roles you create provide more granular access control.
The
Roles
table provides the following fields of information.
  • Role Name
    —Name of the role.
  • Created By
    —Displays one of the following options depending on whether the role is a custom role created by a user or a predefined role.
    • Palo Alto Networks
      —Predefined role granting user permissions in all tenants.
    • <
      user email address
      > —Custom role created in the Cortex XDR Gateway granting user permission in all tenants.
    • <
      user email address
      > —Custom role created in the Cortex XDR app granting user permission that specific tenant alone.
  • Tenant
    —Name of the tenant the role applies to according to where the role was created; Cortex XDR Gateway or Cortex XDR app.
  • Description
    —Description of the role.
  • Creation Time
    —Date and time when the role was created. The field is available for only a custom role.
  • Modification Time
    —Date and time of when the role was last updated. The field is available for only a custom role.
  1. Select
    Cortex XDR Gateway
    Permission Management
    .
  2. Manage your Cortex XDR roles and permissions.
    If you are managing more than one CSP account, select the account you want to display the available roles. If you only manage one CSP account, Cortex XDR only displays the roles available on your tenant.
    In the
    Roles
    table, the following options are available to help you manage roles.
    • Create a custom role based on Cortex XDR Predefined roles.
      1. Locate the predefined role that you want to base your custom role on, right-click and select
        Save As New Role
        .
      2. In the
        Create Role
        window, specify a
        Role Name
        and update the
        Description
        .
      3. Update the
        Views
        and
        Actions
        permissions you want the role to include and
        Create
        the role.
    • Create and save new roles based on the granular permission.
      1. Select
        New Role
        .
      2. In the
        Create Role
        window, specify a
        Role Name
        and
        Description
        .
      3. Select the
        Views
        and
        Actions
        permissions you want the role to include and
        Create
        the role.
    • Edit role permissions (only available for roles you create).
      1. Locate the custom role you want to edit, right-click and select
        Edit Role
        .
      2. In the
        Edit Role
        window, update the
        Views
        and
        Actions
        permissions you want the role to include and
        Edit
        the role.
  3. Assign roles to a Cortex XDR user.
    In the
    Permissions
    page, select the
    Account Name
    . The following options are available to help you manage permissions. You can assign roles to one or more users at a time.
    • Assign permissions to a user that does not have a role.
      1. Hover over the user name and select , located to the right of the row, to
        Add Permissions
        .
      2. In the
        Add Permissions
        window, select from the list of
        Available Tenants
        for which you want to grant permissions.
      3. Select a role from either the
        Default Roles
        or
        Custom Roles
        you want to assign the user and
        Add
        the role to the user.
    • Update permission for users with an exiting role.
      1. Hover over the user name and select , located to the right of the row, to
        Update Permissions
        .
      2. In the
        Update Permissions
        window, select a role from either the
        Default Roles
        or
        Custom Roles
        you want to assign the user and
        Update
        the role.
    • Deactivate a user.
      Locate the user you want to deactivate, right-click, and select
      Deactivate User
      .
      You cannot deactivate a user that has a CSP Super User or Account Admin role.
    • Designate a user as hidden.
      Locate the user you want to hide, right-click, and select
      Hide User
      . When a user is designated as hidden, the user will no longer be displayed in the
      Permissions
      table when the table is configured to
      Show User Subset
      (default configuration).

Recommended For You