User Roles for IoT Security
Learn about IoT Security user roles.
Role-based access control (RBAC) enables you to assign
privileges and access rights to administrative users through role assignment.
You create user accounts in the Customer Support Portal (CSP), assign
them roles in the hub, and limit the data they can access by site
in the IoT Security portal. For step-by-step instructions about
creating users for IoT Security, see Create IoT Security Users.
IoT Security supports the following user roles:
- App Administrator
- Instance Administrator
- Owner
- Administrator
- Read only
The App Administrator and Instance Administrator are common roles
that are available to every Palo Alto Networks product application. For IoT Security,
they provide the same privileges as Owner. To learn more about them,
see Available Roles.
The three user roles specifically for the IoT Security portal are
Owner, Administrator, and Read only.
User Role | Role Definition | Access Control |
---|---|---|
Owner (Also App Administrator and Instance Administrator) | Access to all functions in the IoT Security portal | All read/write privileges as administrators plus: |
Administrator | Access to most functions in the IoT Security portal | Create, edit, and delete IoT Security configurations and manage their own account preferences: |
Read only | Can only view data in the IoT Security portal | |
For Panorama-managed Prisma Access tenants with an IoT Security
add-on license, add the following types of users to give them access privileges
to both Prisma Access and IoT Security:
Prisma SASE Platform User Roles | IoT Security User Roles |
---|---|
Superuser, MSP Superuser | Owner |
N.A. | Administrator* |
View Only Administrator | Read-only |
* There is no user role in Prisma SASE that maps to the Administrator
role in IoT Security.
If you are a new Panorama-managed Prisma Access customer as of August
2022, or an existing Panorama-managed Prisma Access customer whose
Prisma Access instance has been transitioned to the Prisma SASE
platform, use Common Services: Identity &
Access to manage user access, roles, and service accounts.
If you are an existing Panorama-managed Prisma Access customer whose Prisma
Access instance has not yet been transitioned to the Prisma SASE
platform, you can continue using the existing process to create administrative
users until the transition completes.