Manage IoT Security Users
Learn about and manage IoT Security users with role-based access control (RBAC).
Role-based access control (RBAC) enables you to assign privileges and access rights to administrative users through role assignment. You create user accounts in the Customer Support Portal (CSP), assign them roles in the hub, and limit the data they can access by site in the IoT Security portal. For step-by-step instructions about creating users for IoT Security, see Create IoT Security Users.
IoT Security supports the following user roles:
App Administrator
Instance Administrator
Owner
Administrator
Read only
The App Administrator and Instance Administrator are common roles that are available to every Palo Alto Networks product application. For IoT Security, they provide the same privileges as Owner. To learn more about them, see Available Roles.
The three user roles specifically for the IoT Security portal are
Owner, Administrator, and Read only.
User Role | Role Definition | Access Control |
Owner (also App Administrator and Instance Administrator) | Access to all functions in the IoT Security portal | All read/write privileges as administrators plus: Set a global idle timeout; Change the device-to-site assignment method from one based on firewall locations to one based on IP addresses; View audit logs for all users; Set scanning permissions per administrator account; Control which sites users with administrator and read-only privileges can access; Control who receives notifications of security alerts and system alerts |
Administrator | Access to most functions in the IoT Security portal | Create, edit, and delete IoT Security configurations and manage their own account preferences: See their own user role and list of sites they can access; Create, download, and delete API access keys; Update contact info; Modify their login preference if accessing multiple deployments; Shorten the idle timeout; Enable and disable alert sounds; Enable and disable alert notifications via SMS and email; Manage their own user account preferences; See the audit log for their own activities |
Read only | Can only view data in the IoT Security portal | View IoT Security data for the sites they can access; Manage their own user account preferences; See the audit log for their own activities |
For Panorama-managed Prisma Access tenants with an IoT Security
add-on license, add the following types of users to give them access privileges
to both Prisma Access and IoT Security:
Prisma SASE Platform User Roles | IoT Security User Roles |
Superuser, MSP Superuser | Owner |
N.A. | Administrator* |
View Only Administrator | Read-only |
* There is no user role in Prisma SASE that maps to the Administrator
role in IoT Security.
For new Panorama-managed Prisma Access customers as of August 2022, or existing Panorama-managed Prisma Access customers whose Prisma Access instance has been transitioned to the Prisma SASE platform, use Common Services: Identity & Access for managing user access, roles, and service accounts.
For existing Panorama-managed Prisma Access customers whose Prisma Access instance has not yet been transitioned to the Prisma SASE platform, you can continue using the existing process to create administrative users until the transition completes.