User Roles for IoT Security

Learn about IoT Security user roles.
Role-based access control (RBAC) enables you to assign privileges and access rights to administrative users through role assignment. You create user accounts in the Customer Support Portal (CSP), assign them roles in the hub, and limit the data they can access by site in the IoT Security portal. For step-by-step instructions about creating users for IoT Security, see Create IoT Security Users.
IoT Security supports the following user roles:
  • App Administrator
  • Instance Administrator
  • Owner
  • Administrator
  • Read only
The App Administrator and Instance Administrator are common roles that are available to every Palo Alto Networks app. For IoT Security, they provide the same privileges as Owner. To learn more about them, see Available Roles.
The three user roles specifically for the IoT Security app are Owner, Administrator, and Read only.
User Role
Role Definition
Access Control
(Also App Administrator and Instance Administrator)
Access to all functions of the app
All read/write privileges as administrators plus:
  • Set a global idle timeout
  • Change the device-to-site assignment method from one based on firewall locations to one based on IP addresses
  • View audit logs for all users
  • Set scanning permissions per administrator account
  • Control which sites users with administrator and read-only privileges can access
  • Control who receives threat notifications and system alerts
Access to most functions of the app
Create, edit, and delete IoT Security configurations and manage their own account preferences:
  • See their own user role and list of sites they can access
  • Create, download, and delete API access keys
  • Update contact info
  • Modify their login preference if accessing multiple deployments
  • Shorten the idle timeout
  • Enable and disable alert sounds
  • Enable and disable alert notifications via SMS and email
  • Manage their own user account preferences
  • See the audit log for their own activities
Read only
Can only view data of the app
  • View IoT Security data for the sites they can access
  • Manage their own user account preferences
  • See the audit log for their own activities

Recommended For You