Enable Role Based Access to Enterprise DLP on Cloud Management

Configure role-based access to Enterprise data loss prevention (DLP) for Prisma Access (Cloud Managed) and SaaS Security on Cloud Management.
Configure and assign administrative privileges on the hub to grant read and write access for Enterprise data loss prevention (DLP) on Cloud Management. The hub role you configure and assign signifies the read and write access privileges granted to the user. You can assign a role for
All Apps & Services
active on your cloud management tenant, a role for the
Enterprise DLP
app, or assign a role for both. For the app, When a user is assigned a role for both
All Apps & Services
and the
Enterprise DLP
app, the access privileges granted by the app-specific role take priority over the access privileges granted by the
All Apps & Services
For example, you have both Prisma Access (Cloud Managed) and Enterprise DLP active on your tenant. For Prisma Access, you assign a user the
View Only Administrator
role. Later, you assign the same user the
DLP Policy Manager
for the Enterprise DLP app. In this instance, the user has read only access to Prisma Access (Cloud Managed) but both read and write access to the majority of Enterprise DLP for configuration purposes.
Cloud Management supports the following roles to grant access privileges for the Enterprise DLP app specifically.
Predefined Enterprise DLP Role
DLP Incident Manager
Read and Write Access
— Alerts, Incidents, health and telemetry, reports, and Audit Logs
Read Only Access
—Data patterns, profiles, DLP Rules, EDM datasets, OCR setting, and all DLP settings
DLP Policy Manager
Read and Write Access
— Data patterns, profiles, DLP Rules, EDM datasets, OCR setting, health and telemetry, audit logs, alerts, and all DLP settings
No Access
— Incidents and reports
MSP Superuser
Full read and write privileges to Enterprise DLP for all tenants in the particular multitenant hierarchy where the role is assigned
Full read and write privileges for Enterprise DLP
View Only Administrator
Read only privileges for Enterprise DLP
  1. Log in to the hub.
  2. Add Access to your tenant where Enterprise DLP is active.
    This step is required only if the user for which you are granting Enterprise DLP access is not already registered with the Palo Alto Networks Customer Support Portal (CSP).
  3. Assign role-based access for Enterprise DLP.
    You do not need to configuring a tenant role for a user if access to only Enterprise DLP is required.
    1. For
      Apps & Services
      , select
      Enterprise DLP
    2. For the
      , select an Enterprise DLP role.
    3. Submit

Recommended For You