Enable Role Based Access to Enterprise DLP on Cloud Management
Configure role-based access to Enterprise data loss prevention (DLP) for Prisma Access
(Cloud Managed) and SaaS Security on Cloud Management.
Configure and assign administrative privileges on the hub to grant read and write access for
Enterprise data loss prevention (DLP) on Cloud Management. The hub role you configure and assign
defines the read and write access privileges granted to the user. You can assign a role for
All Apps & Services active on your cloud management tenant, a role for the Enterprise DLP app, or
a role for both.

When a user is assigned a role for both All Apps & Services and the Enterprise DLP app, the
access privileges granted by the app-specific role take priority over the access privileges
granted by the All Apps & Services role. For example, you have both Prisma Access (Cloud Managed)
and Enterprise DLP active on your tenant. For Prisma Access, you assign a user the View Only
Administrator role. Later, you assign the same user the DLP Policy Manager role for the
Enterprise DLP app. In this instance, the user has read only access to Prisma Access (Cloud
Managed) but both read and write access to the majority of Enterprise DLP for configuration
purposes.

Cloud Management supports the following roles to grant access privileges for the Enterprise DLP
app specifically.
Predefined Enterprise DLP Role | Privileges |
---|---|
DLP Incident Manager | Read and Write Access: Alerts, Incidents, health and telemetry, reports, and Audit Logs. Read Only Access: Data patterns, profiles, DLP Rules, EDM datasets, OCR setting, and all DLP settings |
DLP Policy Manager | Read and Write Access: Data patterns, profiles, DLP Rules, EDM datasets, OCR setting, health and telemetry, audit logs, alerts, and all DLP settings. No Access: Incidents and reports |
MSP Superuser | Full read and write privileges to Enterprise DLP for all tenants in the particular multitenant hierarchy where the role is assigned |
Superuser | Full read and write privileges for Enterprise DLP |
View Only Administrator | Read only privileges for Enterprise DLP |
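
The following added example (not Palo Alto Networks code) transcribes the role table above into a matrix and reports, for each user, where an Enterprise DLP role widens or narrows access compared with the All Apps & Services role alone. It assumes that "take priority" means the app-specific role fully replaces the tenant-wide role for Enterprise DLP; the resource labels, user names, and assignments are constructed for illustration.

```python
# Added example: privilege matrix transcribed from the role table on this page.
RW, RO, NONE = "rw", "ro", "none"
RANK = {NONE: 0, RO: 1, RW: 2}
POLICY = ["data patterns", "profiles", "DLP rules", "EDM datasets",
          "OCR setting", "DLP settings"]
SHARED = ["alerts", "health and telemetry", "audit logs"]
INCIDENT = ["incidents", "reports"]
ALL = POLICY + SHARED + INCIDENT

def grant(rw=(), ro=()):
    """Build a resource -> access map; anything not listed is 'none'."""
    access = {res: NONE for res in ALL}
    access.update({res: RO for res in ro})
    access.update({res: RW for res in rw})
    return access

ROLES = {
    "DLP Incident Manager": grant(rw=SHARED + INCIDENT, ro=POLICY),
    "DLP Policy Manager": grant(rw=POLICY + SHARED),
    "MSP Superuser": grant(rw=ALL),
    "Superuser": grant(rw=ALL),
    "View Only Administrator": grant(ro=ALL),
}

def effective(all_apps_role, dlp_role):
    """Assumption: the app-specific role, when set, fully replaces the
    All Apps & Services role for Enterprise DLP. None means no role."""
    role = dlp_role or all_apps_role
    if role is None:
        return grant()
    return ROLES[role]  # KeyError on a role name missing from the table

def drift(all_apps_role, dlp_role):
    """Compare effective DLP access with what the tenant-wide role alone gives."""
    base, eff = effective(all_apps_role, None), effective(all_apps_role, dlp_role)
    widened = sorted(r for r in ALL if RANK[eff[r]] > RANK[base[r]])
    narrowed = sorted(r for r in ALL if RANK[eff[r]] < RANK[base[r]])
    return widened, narrowed

# Constructed assignments: (user, All Apps & Services role, Enterprise DLP role)
ASSIGNMENTS = [
    ("alice", "View Only Administrator", "DLP Policy Manager"),
    ("bob", "Superuser", "DLP Incident Manager"),
    ("carol", None, "DLP Incident Manager"),
]

if __name__ == "__main__":
    for user, tenant_role, dlp_role in ASSIGNMENTS:
        widened, narrowed = drift(tenant_role, dlp_role)
        print(f"{user}: widened={widened} narrowed={narrowed}")
```

For the page's own scenario (alice), the result shows write access gained on policy resources and, under the stated assumption, read access to incidents and reports lost.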
- Log in to the hub.
- Add Access to your tenant where Enterprise DLP is active. This step is required only if the user for which you are granting Enterprise DLP access is not already registered with the Palo Alto Networks Customer Support Portal (CSP).
- Assign role-based access for Enterprise DLP. You do not need to configure a tenant role for a user if access to only Enterprise DLP is required.
  - For Apps & Services, select Enterprise DLP.
  - For the Role, select an Enterprise DLP role.
  - Submit.
- Continue based on your Enterprise DLP access privileges.