Cortex® XDR™ enables you to manage roles and permissions for a single tenant or a number of tenants at the same time using the
You can manage roles and permissions for a single tenant or a number of tenants at the same time using the Cortex® XDR™
Permission Managementconsole, which is accessible via the Cortex XDR Gateway. The
Permission Managementconsole is used for first time activations. To create and assign roles, you must first activate your Cortex XDR tenant and be assigned a XDR Account Admin role in the Cortex XDR Gateway.
Permission Managementconsole is divided into two subcategories,
Roles, which you can view on separate pages.
Permissionspage, Cortex XDR lists all the users allocated to a specific CSP account and tenant name. The
Permissionstable provides different fields of information as detailed below. You can select whether to
Show User Subsetto display only the users who are not designated as a
Hiddenuser (default). For example, this is useful when you have users, who are not related to Cortex XDR and will not be designated with a Cortex XDR role, such as CSP Super Users, and you want to hide them from the list. You can also select whether to
- Tenant—Name of the tenant the user has permission to access. Next to the user name, expand ( ) to view the tenant name.
- XDR Role—Name of the role assigned to the user. Next to the user name, expand ( ) to view the role assigned per tenant, if the user does not have any Cortex XDR access permission, the field displaysNo-Role.
- Last Login Time—Last date and time the user accessed the tenant.
- Status—Displays whether the user isActiveorInactive.
Rolespage, Cortex XDR lists the Predefined User Roles for Cortex® XDR™ and custom defined roles. Use roles to assign specific view and action access privileges to administrative user accounts. The way you configure administrative access depends on the security requirements of your organization. The built-in roles provide specific access rights that cannot be changed. The roles you create provide more granular access control.
Rolestable provides the following fields of information.
- Role Name—Name of the role.
- Created By—Displays one of the following options depending on whether the role is a custom role created by a user or a predefined role.
- Palo Alto Networks—Predefined role granting user permissions in all tenants.
- <user email address> —Custom role created in the Cortex XDR Gateway granting user permission in all tenants.
- <user email address> —Custom role created in the Cortex XDR app granting user permission that specific tenant alone.
- Tenant—Name of the tenant the role applies to according to where the role was created; Cortex XDR Gateway or Cortex XDR app.
- Description—Description of the role.
- Creation Time—Date and time when the role was created. The field is available for only a custom role.
- Modification Time—Date and time of when the role was last updated. The field is available for only a custom role.
- Select.Cortex XDR GatewayPermission Management
- Manage your Cortex XDR roles and permissions.If you are managing more than one CSP account, select the account you want to display the available roles. If you only manage one CSP account, Cortex XDR only displays the roles available on your tenant.In theRolestable, the following options are available to help you manage roles.
- Create a custom role based on Cortex XDR Predefined roles.
- Locate the predefined role that you want to base your custom role on, right-click and selectSave As New Role.
- In theCreate Rolewindow, specify aRole Nameand update theDescription.
- Update theViewsandActionspermissions you want the role to include andCreatethe role.
- Create and save new roles based on the granular permission.
- SelectNew Role.
- In theCreate Rolewindow, specify aRole NameandDescription.
- Select theViewsandActionspermissions you want the role to include andCreatethe role.
- Edit role permissions (only available for roles you create).
- Locate the custom role you want to edit, right-click and selectEdit Role.
- In theEdit Rolewindow, update theViewsandActionspermissions you want the role to include andEditthe role.
- Assign roles to a Cortex XDR user.In thePermissionspage, select theAccount Name. The following options are available to help you manage permissions. You can assign roles to one or more users at a time.
- Assign permissions to a user that does not have a role.
- Hover over the user name and select , located to the right of the row, toAdd Permissions.
- In theAdd Permissionswindow, select from the list ofAvailable Tenantsfor which you want to grant permissions.
- Select a role from either theDefault RolesorCustom Rolesyou want to assign the user andAddthe role to the user.
- Update permission for users with an exiting role.
- Hover over the user name and select , located to the right of the row, toUpdate Permissions.
- In theUpdate Permissionswindow, select a role from either theDefault RolesorCustom Rolesyou want to assign the user andUpdatethe role.
- Designate a user as hidden.Locate the user you want to hide, right-click, and selectHide User. When a user is designated as hidden, the user will no longer be displayed in thePermissionstable when the table is configured toShow User Subset(default configuration).
- Manage User Scope
Recommended For You
Recommended videos not found.