Enable Role Based Access to Enterprise DLP on Cloud Management
Configure role-based access to Enterprise data loss prevention (DLP) for Prisma Access (Cloud Managed) and SaaS Security on Cloud Management.
Configure and assign administrative privileges on the hub to grant read and write access for Enterprise data loss prevention (DLP) on Cloud Management. The hub role you configure and assign signifies the read and write access privileges granted to the user. You can assign a role for All Apps & Services active on your cloud management tenant, a role for the Enterprise DLP app, or a role for both. When a user is assigned a role for both All Apps & Services and the Enterprise DLP app, the access privileges granted by the app-specific role take priority over the access privileges granted by the All Apps & Services role.
For example, you have both Prisma Access (Cloud Managed) and Enterprise DLP active on your tenant. For Prisma Access, you assign a user the View Only Administrator role. Later, you assign the same user the DLP Policy Manager role for the Enterprise DLP app. In this instance, the user has read-only access to Prisma Access (Cloud Managed) but both read and write access to the majority of Enterprise DLP for configuration purposes.
Cloud Management supports the following roles to grant access privileges for the Enterprise DLP app specifically.
Predefined Enterprise DLP Role
DLP Incident Manager
Read and Write Access: Alerts, Incidents, health and telemetry, reports, and Audit Logs
Read Only Access: Data patterns, profiles, DLP Rules, EDM datasets, OCR setting, and all DLP settings
DLP Policy Manager
Read and Write Access: Data patterns, profiles, DLP Rules, EDM datasets, OCR setting, health and telemetry, audit logs, alerts, and all DLP settings
No Access: Incidents and reports
Full read and write privileges to Enterprise DLP for all tenants in the particular multitenant hierarchy where the role is assigned
Full read and write privileges for Enterprise DLP
View Only Administrator
Read only privileges for Enterprise DLP
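The precedence rule and the role table above, modelled as an added example (not Palo Alto Networks code): it resolves a user's effective Enterprise DLP access and lists what an app-specific role changes relative to the All Apps & Services role. It covers only the roles named on this page and assumes the app-specific role replaces the broader role wholesale; all function and variable names are hypothetical.

```python
# Added illustration, not Palo Alto Networks code. All names are hypothetical.
# Models only the roles this page names; assumes the app-specific role replaces
# the All Apps & Services role wholesale for Enterprise DLP.
RW, RO, NONE = "read-write", "read-only", "none"

POLICY = ("data patterns", "profiles", "DLP rules", "EDM datasets",
          "OCR setting", "DLP settings")
OPS = ("alerts", "health and telemetry", "audit logs")
CASES = ("incidents", "reports")
RESOURCES = POLICY + OPS + CASES

ROLE_ACCESS = {
    "DLP Incident Manager": {**dict.fromkeys(POLICY, RO),
                             **dict.fromkeys(OPS + CASES, RW)},
    "DLP Policy Manager": {**dict.fromkeys(POLICY + OPS, RW),
                           **dict.fromkeys(CASES, NONE)},
    "View Only Administrator": dict.fromkeys(RESOURCES, RO),
}


def effective_dlp_access(all_apps_role=None, dlp_app_role=None):
    """Return {resource: level}; the Enterprise DLP app role wins when both are set."""
    role = dlp_app_role or all_apps_role
    if role is None:
        return dict.fromkeys(RESOURCES, NONE)
    if role not in ROLE_ACCESS:
        raise ValueError(f"role not modelled here: {role!r}")
    return dict(ROLE_ACCESS[role])


def override_changes(assignments):
    """List (user, resource, before, after) where the app role changed access."""
    changes = []
    for user, (all_apps_role, dlp_app_role) in assignments.items():
        before = effective_dlp_access(all_apps_role)
        after = effective_dlp_access(all_apps_role, dlp_app_role)
        changes += [(user, r, before[r], after[r])
                    for r in RESOURCES if before[r] != after[r]]
    return changes


# Constructed sample assignments: user -> (All Apps & Services role, DLP app role)
SAMPLE = {
    "alice": ("View Only Administrator", "DLP Policy Manager"),
    "bob": ("View Only Administrator", None),
}

if __name__ == "__main__":
    for user, resource, before, after in override_changes(SAMPLE):
        print(f"{user}: {resource}: {before} -> {after}")
```

Under this model, the sample user who mirrors the page's example gains write access to policy objects while read access to incidents and reports drops to none, which is worth checking during an access review.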
- Log in to the hub.
- Add Access to your tenant where Enterprise DLP is active. This step is required only if the user for which you are granting Enterprise DLP access is not already registered with the Palo Alto Networks Customer Support Portal (CSP).
- Assign role-based access for Enterprise DLP. You do not need to configure a tenant role for a user if access to only Enterprise DLP is required.
- For Apps & Services, select Enterprise DLP.
- For the Role, select an Enterprise DLP role.
- Continue based on your Enterprise DLP access privileges.