Available Roles
The Palo Alto Networks hub offers some standard roles.
Some apps also offer predefined roles.
The roles available to users vary by app but there are
some standard roles that are available for every app. These common
roles determine who can manage roles for the app or account. Some
apps provide additional roles that determine what kind of activities
a user can perform in the app.
Common
Roles
Role | Definition |
|---|---|
Account Administrator | Can assign roles for any app in your organization
and access all app instances installed for the account. The
account administrator is usually the first user from your organization
to register on the Palo Alto Networks Customer Support Portal. However,
other accounts can be assigned this role ( Settings (
 Access Management Assign Roles Account Account administrators cannot be
assigned roles for apps because they already have full role access
to everything. |
App Administrator | Can assign roles specific to an app, make
other users app or instance administrators, and assign other users
any predefined or custom roles. App administrators cannot
be assigned predefined or custom roles to specific instances of
the app because they already have full role access to all app instances. |
No Role | Cannot access the app. |
Instance Administrator | Can access the app instance for which this
role is assigned. If the app has predefined or custom app roles,
the instance administrator can assign those roles to other users.
The instance administrator can also make other users instance administrators
for that app instance. Finally, the instance administrator can deactivate the
app instance. Instance administrators cannot be assigned app-specific
roles for the app instance because they already have full role access
to the instance. |
Predefined
App Roles
Some apps provide additional roles beyond the
common roles available to every app. These determine what kind of
activities a user can perform in the app.
App | Predefined Roles |
|---|---|
Cortex™ Cortex
XDR | Cortex XDR provides granular roles for its users. |
IoT Security | IoT Security provides granular roles for its users. |
Cortex Data Lake | Cortex Data Lake provides granular roles for its users. |
