Strata Cloud Manager

1. Use one of the various ways to access Identity & Access.
2. Add Access to your tenant where Enterprise DLP is active.

   This step is required only if the user for which you’re granting Enterprise DLP access isn’t already registered with the Palo Alto Networks Customer Support Portal (CSP).
3. Select Prisma Access & NGFWManageSecurity ServicesData Loss Prevention to add a custom role.

   You can use custom roles allow to define which permissions are enforced for your users and allow more granular access control to Enterprise DLP than predefined roles.

   The access permissions applied to the Data Loss Prevention parent node determines the lowest access privilege you can assign to any of its child node. For example, if you want provide No Access and Read Only to some areas of Enterprise DLP, you must first assign No Access to the Enterprise DLP application.

   Below is an example of a custom Enterprise DLP role. The custom role is configured with no access privileges to Audit Logs or any of the Enterprise DLP settings. However, read-only access is configured for the Health & Telemetry and DLP Incidents, and full read and write privileges are configured for Data Profiles, all Detection Methods, Document Types, and DLP Rules.

4. Assign role-based access for Enterprise DLP.

   You don’t need to configuring a tenant role for a user if access to only Enterprise DLP is required.

   1. Select User and for the Identity Address, enter the email address for which you granted access in the previous step.
   2. For Apps & Services, select Enterprise DLP.
   3. Select a predefined or custom Enterprise DLP Role.
   4. Submit.
5. Continue based on your Enterprise DLP access privileges.

   • Enable Enterprise DLP on Strata Cloud Manager
   • Create a data pattern
   • Create a data profile
   • Monitor Enterprise DLP