Available Roles
The Palo Alto Networks hub offers some standard roles.
Some apps also offer custom roles.
The roles available to users vary by app. There are
some standard roles that are available for every app — mostly these
determine who can manage roles for the app or account. Some apps
also provide additional roles that determine what kind of activities
a user can perform in the app.
Common
Roles
Roles available to every app are:
Role | Definition |
|---|---|
Account Administrator | This is the account that can assign roles
for any app in your organization. The Account Administrator can
activate and deactivate app instances, and it can access all app
instances installed for the account. The Account Administrator
is usually the first user from your organization to register on
the Palo Alto Networks Customer Support Portal. However, other accounts
can be assigned this role using the Manage Roles page
(there is no limit to the number of accounts that can be assigned
this or any other role). Account Administrators cannot be
assigned roles to apps because they already have full role access
to everything. |
App Administrator | Can activate or deactivate app instances.
Can also assign roles specific to that app. For example, if you
are the App Administrator for Traps management service, then you
can activate new instances of Traps. You can also make other users
an App or Instance Administrator, and you can assign other users
any of the custom Traps roles. App Administrators cannot
be assigned custom roles to specific instances of the app because
they already have full role access to all app instances. |
No Role | Has no access to the app. |
Instance Administrator | Can access the app instance for which this
role is assigned. If the app has custom roles, the Instance Administrator
can assign those roles to other users. The Instance Administrator
can also make other users an Instance Administrator for the app
instance. Finally, the Instance Administrator can deactivate the
app instance. Instance Administrators cannot be assigned
app-specific roles for the app instance because they already have
full role access to the instance. |
Custom
Roles
Some apps provide additional roles—beyond the common
roles available to every app—that determine what kind of activities
a user can perform in the app.
App | Custom Roles |
|---|---|
Traps management service | Traps management service provides granular
roles for its users. For details on these roles and how to use them,
see Manage Administrative Access in
the Traps Management
Service Administration Guide. |
Cortex XDR | Cortex XDR provides granular Cortex XDR Administrative Roles for
its users. |