Hub Getting Started Guide
    : Available Roles
    Focus
    Download PDF
    Focus
    1. Home
    2. Hub Getting Started Guide
    3. Manage App Roles
    4. Available Roles
    Download PDF

    Hub Getting Started Guide

    Available Roles

    Table of Contents

    Available Roles

    The Palo Alto Networks hub offers some standard roles. Some apps also offer predefined roles.
    The roles available to users vary by app but there are some standard roles that are available for every app. These common roles determine who can manage roles for the app or account. Some apps provide additional roles that determine what kind of activities a user can perform in the app.

    Common Roles

    Role
    Definition
    Account Administrator
    Can assign roles for any app in your organization and access all app instances installed for the account.
    The account administrator is usually the first user from your organization to register on the Palo Alto Networks Customer Support Portal. However, other accounts can be assigned this role (Settings (
    )    Access ManagementAssign RolesAccount    ). There is no limit to the number of accounts to which you can assign this or any other role.
    Account administrators cannot be assigned roles for apps because they already have full role access to everything.
    App Administrator
    Can assign roles specific to an app, make other users app or instance administrators, and assign other users any predefined or custom roles.
    App administrators cannot be assigned predefined or custom roles to specific instances of the app because they already have full role access to all app instances.
    No Role
    Cannot access the app.
    Instance Administrator
    Can access the app instance for which this role is assigned. If the app has predefined or custom app roles, the instance administrator can assign those roles to other users. The instance administrator can also make other users instance administrators for that app instance. Finally, the instance administrator can deactivate the app instance.
    Instance administrators cannot be assigned app-specific roles for the app instance because they already have full role access to the instance.

    Predefined App Roles

    Some apps provide additional roles beyond the common roles available to every app. These determine what kind of activities a user can perform in the app.
    AppPredefined Roles
    Cortex XDR
    Cortex XDR provides granular roles for its users.
    IoT Security
    IoT Security provides granular roles for its users.
    Strata Logging Service
    Strata Logging Service provides granular roles for its users.

    © 2025 Palo Alto Networks, Inc. All rights reserved.