Manage Roles

When your organization purchases Cortex XDR, the Account Administrator can use the Palo Alto Networks hub to assign roles to other members that have accounts in the Customer Support Portal.
To activate Cortex XDR apps, you must be assigned either the Account Administrator or App Administrator role for Cortex XDR. If you are activating a new Cortex Data Lake instance you must also be assigned either administrative role for Cortex Data Lake.
After activation, Account Administrators can assign additional users roles to manage your apps. If the user only needs to manage a specific instance of an app, you can assign the Instance Administrator role.
To assign the roles, Account Administrators (or users that are assigned the App Administrator for the relevant app) can take the following steps:
  1. To be eligible for role assignment in Palo Alto Networks hub, the user must have an account in the Customer Support Portal ( and be assigned any of the following Customer Support Portal roles: Super User, Standard User, or Limited User. Skip this step if the user already has a Customer Support Portal account with an appropriate role.
  2. Manage the level of access for a Cortex user.
    1. Log in to the hub and select
      Manage Roles
    2. Use the sidebar to filter users as needed or the search field to search for users.
    3. Select one or more users and then
      Assign Roles
    4. For each app, select either the
      App Administrator
      role to provide full access to
      All Instances
      Instance Administrator
      to provide access only for specific app instances.
      If you assign the user the
      Account Administrator
      role, then you cannot assign the user any other more granular role. To assign more granular Administrative Roles,
      Remove Account Administrator
      role, then assign the desired granular
      All Instances
      of an app or for a specific app instance.
    5. Save
      and then click
      to confirm the assignment, and you're done.

Recommended For You