You can scope access to Prisma Cloud by cloud account ID.
Prisma Cloud automatically puts cloud account resources (e.g., containers, clusters, serverless functions, etc) into collections so that when users log in, they can see data for just the resources in the cloud account.
Currently, VM scan results aren’t added to per-cloud account collections.
Only Prisma Cloud roles with read-write access (System Admins) can view VM image scan reports.
Primsa Cloud roles with read-only access can’t view VM image scan reports.
This issue will be resolved in an upcoming release.