Enable Role Based Access to Enterprise DLP on Cloud Management

Configure role-based access to Enterprise data loss prevention (DLP) for Prisma Access (Cloud Management) and SaaS Security on Cloud Management.

Configure and assign administrative privileges on the hub to grant read and write access for Enterprise data loss prevention (DLP) on Cloud Management. The hub role you configure and assign determines the read and write access privileges granted to the user. You can assign a role for All Apps & Services active on your Cloud Management tenant, a role for the Enterprise DLP app, or a role for both. When a user is assigned a role for both All Apps & Services and the Enterprise DLP app, the access privileges granted by the app-specific role take priority over the access privileges granted by the All Apps & Services role.

For example, you have both Prisma Access (Cloud Management) and Enterprise DLP active on your tenant. For Prisma Access, you assign a user the View Only Administrator role. Later, you assign the same user the DLP Policy Manager role for Enterprise DLP. In this instance, the user has read-only access to Prisma Access (Cloud Management) but both read and write access to the majority of Enterprise DLP for configuration purposes.

Cloud Management supports the following roles to grant access privileges for the Enterprise DLP app specifically.

| Predefined Enterprise DLP Role | Privileges |
| --- | --- |
| DLP Incident Manager | Read and Write Access: Alerts, Incidents, health and telemetry, reports, and Audit Logs. Read Only Access: Data patterns, profiles, DLP Rules, EDM data sets, OCR setting, and all DLP settings. |
| DLP Policy Manager | Read and Write Access: Data patterns, profiles, DLP Rules, EDM data sets, OCR setting, health and telemetry, audit logs, alerts, and all DLP settings. No Access: Incidents and reports. |
| Multitenant Superuser | Full read and write privileges to Enterprise DLP for all tenants in the particular multitenant hierarchy where the role is assigned. |
| Superuser | Full read and write privileges for Enterprise DLP. |
| View Only Administrator | Read-only privileges for Enterprise DLP. |

  1. Log in to the hub.
  2. Add Access to your tenant where Enterprise DLP is active.
    This step is required only if the user to whom you’re granting Enterprise DLP access isn’t already registered with the Palo Alto Networks Customer Support Portal (CSP).
  3. Assign role-based access for Enterprise DLP.
    You don’t need to configure a tenant role for a user if access to only Enterprise DLP is required.
    1. For Apps & Services, select Enterprise DLP.
    2. Select an Enterprise DLP Role.
    3. Submit.
