: Available Roles
Focus
Focus

Available Roles

Table of Contents

Available Roles

The Palo Alto Networks hub offers some standard roles. Some apps also offer predefined roles.
The roles available to users vary by app but there are some standard roles that are available for every app. These common roles determine who can manage roles for the app or account. Some apps provide additional roles that determine what kind of activities a user can perform in the app.

Common Roles

Role
Definition
Account Administrator
Can assign roles for any app in your organization and access all app instances installed for the account.
The account administrator is usually the first user from your organization to register on the Palo Alto Networks Customer Support Portal. However, other accounts can be assigned this role (Settings (
)
Access ManagementAssign RolesAccount
). There is no limit to the number of accounts to which you can assign this or any other role.
Account administrators cannot be assigned roles for apps because they already have full role access to everything.
App Administrator
Can assign roles specific to an app, make other users app or instance administrators, and assign other users any predefined or custom roles.
App administrators cannot be assigned predefined or custom roles to specific instances of the app because they already have full role access to all app instances.
No Role
Cannot access the app.
Instance Administrator
Can access the app instance for which this role is assigned. If the app has predefined or custom app roles, the instance administrator can assign those roles to other users. The instance administrator can also make other users instance administrators for that app instance. Finally, the instance administrator can deactivate the app instance.
Instance administrators cannot be assigned app-specific roles for the app instance because they already have full role access to the instance.

Predefined App Roles

Some apps provide additional roles beyond the common roles available to every app. These determine what kind of activities a user can perform in the app.
AppPredefined Roles
Cortex XDR
Cortex XDR provides granular roles for its users.
IoT Security
IoT Security provides granular roles for its users.
Strata Logging Service
Strata Logging Service provides granular roles for its users.