Manage Roles

Role-based access control (RBAC) enables you to use roles or specific permissions to assign access rights to administrative users. You can manage roles for all Cortex apps and services in the hub. By assigning roles, you enforce the separation of viewing access and initiating actions among functional or regional areas of your organization. The following options are available to help you manage access rights:
  • Create and save new roles based on the granular permission
  • Edit role permissions (available for roles you create)
  • Assign permissions to users without saving a role
Use roles to assign specific view and action access privileges to administrative user accounts. The way you configure administrative access depends on the security requirements of your organization. The built-in roles provide specific access rights that cannot be changed. The roles you create provide more granular access control.
When your organization purchases Cortex XDR, the Account Administrator can use the Palo Alto Networks hub to assign roles to other members that have accounts in the Customer Support Portal.
To activate Cortex XDR apps, you must be assigned either the Account Administrator or App Administrator role for Cortex XDR. If you are activating a new Cortex Data Lake instance you must also be assigned either administrative role for Cortex Data Lake.
After activation, Account Administrators can assign additional users roles to manage your apps. If the user only needs to manage a specific instance of an app, you can assign the Instance Administrator role.
To assign the roles, Account Administrators (or users that are assigned the App Administrator for the relevant app) can take the following steps:
  1. To be eligible for role assignment in the hub, the user must have an account in the Customer Support Portal ( and be assigned any of the following Customer Support Portal roles: Super User, Standard User, or Limited User. Skip this step if the user already has a Customer Support Portal account with an appropriate role.
  2. Manage the level of access for a Cortex XDR user.
    1. Log in to the hub and select
      Access Management
    2. Use the sidebar to filter users as needed or the search field to search for users.
    3. Select one or more users and then
      Assign Roles
    4. In the Assign Roles page for each instance, select one of the following options:
      • Assign Permissions
        —Create a new role or assign selected permissions.
      • Cortex XDR Predefined Role
        —Select one of the predefined Cortex XDR role. Select
        Role Definitions
        to view a list of the Cortex predefined roles and the allocated views and actions.
      • No Role
        —User is not assigned any view or action access to the Cortex XDR app.
    5. (
      ) To create a new role:
      1. After you selected
        Assign Permissions
        , in the
        Assign Custom Permissions
        pop-up, select which
        IN_APP VIEWS
        permissions you want to grant.
      2. Save As New Role
        to create a new role that you can apply to other users, or
        to apply the selected permissions to the user without a defined role.
        The new rule is displayed with User Created (UC) icon. Select the role to apply permissions to the user and then
    6. (
      ) To edit or clone a user created role:
      1. Select
        Access Management
        Manage Roles
      2. In the
        Manage Roles Cortex XDR
        page, find your user created role and select
      3. Edit Permissions
        , or
        your role, as desired.

Recommended For You