Create Custom Roles

1. Select System SettingsIdentity & Access ManagementRolesCustom RolesAdd Custom Roles.
2. Add a Name and a Description for the role.

3. Add permissions. The permissions are split between web interface and API.

   If you select API: Any permissions that you had set using Web Interface are visible. You can't remove them from here, but you can remove them by changing them in Web Interface.

   1. Select Add Permissions to open the permissions modal. Permissions are listed in a hierarchy.

   2. Expand Prisma SD-WAN and search for relevant API’s. Type in an API resource to search. Type in an API resource to search. For eg. to modify Path policies, search for “networkpolicysets” You can find the API resources from Unified SASE SD-WAN APIs.

      To allow or disallow specific actions for each resource, you'll need to expand each one and explicitly select "get," "post," "put," "delete," and "query" options. Simply choosing a resource from the initial screen won't be enough, as each resource offers both "allow" and "disallow" sub-options for fine-grained control.
   3. To manage permissions, explicitly select the "put," "post," and "delete" allow options for specific API actions, such as creating or deleting Path Policy sets (networkpolicysets). You do not need to select "get" because a base role like "view_only" will automatically allow get actions.

4. Click Save the new custom role is created.