Manage Roles
Role-based access control (RBAC) enables you
to use roles or specific permissions to assign access rights to
administrative users. You can manage roles for all Cortex apps and
services in the hub. By assigning roles, you enforce the separation
of viewing access and initiating actions among functional or regional
areas of your organization. The following options are available
to help you manage access rights:
- Create and save new roles based on the granular permission
- Edit role permissions (available for roles you create)
- Assign permissions to users without saving a role
Use roles to assign specific view and action
access privileges to administrative user accounts. The way you configure
administrative access depends on the security requirements of your
organization. The built-in roles provide specific access rights
that cannot be changed. The roles you create provide more granular
access control.
When your organization purchases Cortex XDR,
the Account Administrator can use the Palo Alto Networks hub to
assign roles to other members that have accounts in the Customer
Support Portal.
To activate Cortex XDR apps, you must be assigned
either the Account Administrator or App Administrator role for Cortex
XDR. If you are activating
a new Cortex Data Lake instance you must also be assigned either
administrative role for Cortex Data Lake.
After activation,
Account Administrators can assign additional users roles to manage
your apps. If the user only needs to manage a specific instance
of an app, you can assign the Instance Administrator role.
To
assign the roles, Account Administrators (or users that are assigned
the App Administrator for the relevant app) can take the following
steps:
- If necessary, add a new Customer Support Portal user.To be eligible for role assignment in the hub, the user must have an account in the Customer Support Portal (https://support.paloaltonetworks.com/) and be assigned any of the following Customer Support Portal roles: Super User, Standard User, or Limited User. Skip this step if the user already has a Customer Support Portal account with an appropriate role.
- Manage the level of access for a Cortex XDR user.
- Log in to the hub and select.
Access Management - Use the sidebar to filter users as needed or the search field to search for users.
- Select one or more users and thenAssign Roles.
- In the Assign Roles page for each instance, select one of the following options:
- Assign Permissions—Create a new role or assign selected permissions.
- Cortex XDR Predefined Role—Select one of the predefined Cortex XDR role. SelectRole Definitionsto view a list of the Cortex predefined roles and the allocated views and actions.
- No Role—User is not assigned any view or action access to the Cortex XDR app.
- (Optional) To create a new role:
- After you selectedAssign Permissions, in theAssign Custom Permissionspop-up, select whichIN_APP VIEWSandIN_APP ACTIONSpermissions you want to grant.
- Save As New Roleto create a new role that you can apply to other users, orSaveto apply the selected permissions to the user without a defined role.
The new rule is displayed with User Created (UC) icon. Select the role to apply permissions to the user and thenSave.
- (Optional) To edit or clone a user created role:
- Select.
Access ManagementManage Roles
- In theManage Roles Cortex XDRpage, find your user created role and selectActions.
- Edit Permissions,Clone, orDeleteyour role, as desired.
