1. Home
    2. Prisma
    3. Prisma Cloud
    4. Prisma™ Cloud Administrator's Guide
    5. Manage Prisma Cloud Administrators
    6. Prisma Cloud Administrator Permissions

    Prisma Cloud Administrator Permissions

    View a list of the access privileges associated with each Prisma Cloud role
    The following tables provides a list of the access privileges associated with each role for different parts of the Prisma Cloud administrative console.
    See Prisma Cloud Administrator Roles for details on how to create roles and assign access to account groups or repositories to designate what a user is allowed to view; details on permissions for Prisma Cloud Compute roles.

    Roles that Enable Access to All Areas of the Prisma Cloud Administrative Console

    PRISMA CLOUD ROLE
    SYSTEM ADMIN
    ACCOUNT GROUP ADMIN
    CLOUD PROVISIONING ADMIN
    ACCOUNT AND CLOUD PROVISIONING ADMIN
    BUILD AND DEPLOY SECURITY
    ACCOUNT GROUP READ ONLY
    DEVELOPER
    Dashboard
    All accounts
    Designated accounts
    No
    Designated accounts
    No
    Designated accounts
    No
    Home
    Yes
    Yes
    Yes
    Yes
    Yes
    Yes
    Yes
    Inventory
    All accounts
    Designated accounts
    No
    Designated accounts
    No
    Designated accounts
    No
    Save Asset filter(s)
    All accounts
    Designated accounts
    No
    Designated accounts
    No
    Designated Accounts
    No
    Delete Asset Filter(s)
    Yes
    Users in this role
    No
    Users in this role
    No
    Users in this role
    No
    Investigate
    Running Queries
    All accounts
    Designated accounts
    No
    Designated accounts
    No
    Designated accounts
    No
    Save Searches
    All accounts
    Designated accounts
    No
    Designated accounts
    No
    Designated accounts
    No
    Edit / Delete Saved Search
    Yes
    Users in this role
    No
    Users in this role
    No
    Users in this role
    No
    Policies
    View Policy
    Yes
    Yes
    No
    Yes
    No
    Yes
    No
    Create Policy
    Yes
    Yes
    No
    Yes
    No
    No
    No
    Add/Edit CLI Remediation in Policy
    Yes
    No
    No
    No
    No
    No
    No
    Edit / Delete / Disable Policy
    Yes
    Users in this role
    No
    Users in this role
    No
    No
    No
    Compliance
    Compliance Dashboard
    All accounts
    Designated accounts
    No
    Designated accounts
    No
    Designated accounts
    No
    Create / Edit Reports
    All accounts
    Designated accounts
    No
    Designated accounts
    No
    Designated accounts
    No
    Download Reports
    All accounts
    Designated accounts
    No
    Designated accounts
    No
    Designated accounts
    No
    Delete Reports
    All accounts
    Designated accounts
    No
    Designated accounts
    No
    Users in this role
    No
    Create / Edit / Delete Compliance Standards
    Yes
    No
    No
    No
    No
    No
    No
    View Compliance Standards
    Yes
    Yes
    No
    Yes
    No
    Yes
    No
    Save Compliance Filter(s)
    All accounts
    Designated accounts
    No
    Designated accounts
    No
    Designated Accounts
    No
    Delete Compliance Filter(s)
    Yes
    Users in this role
    No
    Users in this role
    No
    Users in this role
    No
    Adoption Advisor
    Adoption Advisor Console
    Yes
    No
    No
    No
    No
    No
    No
    Create / Edit Reports
    Yes
    No
    No
    No
    No
    No
    No
    Download Reports
    Yes
    No
    No
    No
    No
    No
    No
    Delete Reports
    Yes
    No
    No
    No
    No
    No
    No
    Alerts
    View / Search Alerts
    All accounts
    Designated accounts
    No
    Designated accounts
    No
    Designated accounts
    No
    Dismiss / Resolve / Snooze Alerts
    All accounts
    Designated accounts
    No
    Designated accounts
    No
    No
    No
    Save Alert Filter(s)
    All accounts
    Designated accounts
    No
    Designated accounts
    No
    Designated Accounts
    No
    Delete Alert Filter(s)
    Yes
    Users in this role
    No
    Users in this role
    No
    Users in this role
    No
    Create Report
    All accounts
    Designated accounts
    No
    Designated accounts
    No
    Designated Accounts
    No
    Download Reports
    All accounts
    Designated accounts
    No
    Designated accounts
    No
    Designated accounts
    No
    Delete Reports
    All accounts
    Designated accounts
    No
    Designated accounts
    No
    Designated Accounts
    No
    View Alert Rules
    All accounts
    Designated accounts
    No
    Designated accounts
    No
    Designated accounts
    No
    Create / Edit / Delete / Disable Alert Rules
    All accounts
    Designated accounts
    No
    Designated accounts
    No
    No
    No
    View Notification Templates
    Yes
    Yes
    No
    Yes
    No
    Yes
    No
    Create / Edit / Delete Notification Templates
    Yes
    No
    No
    Yes
    No
    No
    No
    Compute
    Yes
    Yes - Auditor
    Yes - Defender Manager
    Yes - Auditor
    Yes - DevOps Access to the APIs for running IDE, SCM, and CI plugins for IaC and Vuln scanning
    Yes- DevSecOps User
    No
    Radar
    Yes
    Yes read-only access to data relevant to the account in account group
    No
    Yes read-only access to data relevant to account in account group
    No
    Yes
    No
    Defend
    Yes
    Yes read-only access to all data
    No
    Yes read-only access to all data
    Defend Vulnerabilities/Compliance
    Defend Vulnerabilities/Compliance
    No
    Monitor
    Yes
    Yes read-only access to data relevant to account in account group
    No
    Yes read-only access to data relevant to account in account group
    Monitor Vulnerabilities/Compliance but only CI tab under Images/Functions
    Yes
    No
    Manage
    Yes
    View All Logs, Defenders - Manage deployed to account group, Alerts - View, Collections and Tags - Read Only, Authentication - Read Only, System Utilities, such as the Jenkins Plugin and twistcli, path to console, and API token
    Defenders - Manage current defenders and deploy new ones, Authentication - view user certificates, System Utilities, such as the Jenkins Plugin and twistcli, path to console, and API token
    View All Logs, Defenders - Manage deployed to account group, Alerts - View, Collections and Tags - Read Only, Authentication - Read Only, System Utilities, such as the Jenkins Plugin and twistcli, path to console, and API token
    System - Download Utilities, such as the Jenkins Plugin and twistcli, path to console, and API token
    System Utilities, such as the Jenkins Plugin and twistcli, path to console, and API token
    No
    Code Security
    View Scan Results in Projects, Development Pipelines, and Supply Chain Graph
    All repositories
    Designated repositories
    No
    Designated repositories
    No
    Designated repositories
    Designated Repositories
    Suppress and Submit Changes to repositories
    All repositories
    Designated repositories
    No
    Designated repositories
    No
    No
    No
    Fix and Submit Changes to repositories
    All repositories
    Designated repositories
    No
    Designated repositories
    No
    No
    Yes
    View/Edit Filters
    All repositories
    Designated repositories
    No
    No
    No
    Designated repositories
    Designated Repositories
    View Resource Details and Resource History
    All repositories
    Designated repositories
    No
    No
    No
    Designated repositories
    Designated Repositories
    View Open in Git
    All repositories
    Designated repositories
    No
    No
    No
    Designated repositories
    Designated Repositories
    View Merge PR
    All repositories
    Designated repositories
    No
    No
    No
    Designated repositories
    Designated Repositories
    Development PipelinesProjects and Code Reviews
    All repositories
    Designated repositories
    Designated repositories
    Designated repositories
    No
    NoDesignated repositories for Code Reviews
    NoDesignated repositories for Code Reviews
    EnforcementView and Add Exceptions
    All repositories
    All repositories
    All repositories
    Designated repositories
    All repositories
    All repositories
    Designated repositories
    Edit Enforcement
    All repositories
    All repositories
    All repositories
    Designated repositories
    No
    No
    No
    Supply Chain
    All repositories
    All repositories
    All repositories
    Designated repositories
    No
    No
    Designated repositories
    Settings
    View Accounts
    All accounts
    Designated accounts
    Designated accounts
    Designated accounts
    No
    Designated accounts
    No
    View Account Details
    Yes
    No
    Yes
    Yes
    No
    No
    No
    Create / Edit / Delete / Disable Accounts
    Yes
    No
    Yes
    Yes
    No
    No
    No
    View Account Groups
    All accounts
    Designated accounts
    Designated accounts
    Designated accounts
    No
    Designated accounts
    No
    Create / Edit / Delete Account Groups
    Yes
    No
    Yes
    Yes
    No
    No
    No
    Create / View / Edit / Delete User Roles
    Yes
    Read-only access to view the roles assigned for self
    Read-only access to view the roles assigned for self
    Read-only access to view the roles assigned for self
    Read-only access to view the roles assigned for self
    Read-only access to view the roles assigned for self
    Read-only access to view the roles assigned for self
    Create / View / Edit / Delete / Disable Users
    Yes
    No
    No
    No
    No
    No
    No
    Add/Activate/Deactivate/Delete Access Keys
    Yes
    Yes
    Yes
    Yes
    Yes
    Yes
    Yes
    View Repositories
    Yes
    Designated Repositories
    No
    Designated Repositories
    No
    Designated Repositories
    Designated Repositories
    Add/Update Repositories
    Yes
    No
    No
    Yes
    No
    No
    No
    Delete Repositories
    Yes
    No
    No
    Designated repositories
    No
    No
    No
    Edit /Update Code Security Configuration
    Yes
    No
    No
    No
    No
    No
    No
    View / Edit SSO Settings
    Yes
    No
    No
    No
    No
    No
    No
    Create / View / Edit / Delete / Disable Integrations
    Yes
    No
    No
    No
    No
    No
    No
    View/Edit Trusted IP Addresses
    Yes
    No
    No
    No
    No
    No
    No
    View License Information and Credit Allocation
    Yes
    No
    No
    No
    No
    No
    No
    View Prisma Cloud Audit Logs
    Yes
    No
    No
    No
    No
    No
    No
    View/Edit Anomaly Settings > Alerts and Thresholds
    Yes
    No
    No
    No
    No
    No
    No
    View/Edit Anomaly Settings > Anomaly Trusted List
    Yes
    Yes, can manage trusted list entries only for self
    No
    Yes, can manage trusted list entries only for self
    No
    No
    No
    View/Edit Enterprise Settings
    Yes
    No
    No
    No
    No
    No
    No
    Alarm Center
    Yes
    Yes
    No
    No
    No
    No
    No
    Resource Lists
    Create Resource List
    Yes
    Yes, with the exception of Compute Access Group
    No
    Yes, with the exception of Compute Access Group
    No
    No
    No
    Update Resource List
    Yes
    Yes, Designated Resource Lists
    No
    Yes, Designated Resource Lists
    No
    Yes, Designated Resource Lists
    No
    Delete Resource List
    Yes
    No
    No
    No
    No
    No
    No
    View Resource Lists
    Yes
    Yes, Designated Resource Lists
    No
    Yes, Designated Resource Lists
    Yes, Designated Resource Lists
    Yes, Designated Resource Lists
    No

    Roles that Enable Compute Access Only

    PRISMA CLOUD ROLE
    SYSTEM ADMIN WITH COMPUTE ACCESS ONLY
    ACCOUNT GROUP ADMIN WITH COMPUTE ACCESS ONLY
    ACCOUNT AND CLOUD PROVISIONING ADMIN WITH COMPUTE ACCESS ONLY
    ACCOUNT GROUP READ ONLY WITH COMPUTE ACCESS ONLY
    Dashboard
    No
    No
    No
    No
    Home
    Yes
    Yes
    Yes
    Yes
    Inventory
    No
    No
    No
    No
    Save Asset filter(s)
    No
    No
    No
    No
    Delete Asset Filter(s)
    No
    No
    No
    No
    Investigate
    No
    No
    No
    No
    Policies
    No
    No
    No
    No
    Compliance
    No
    No
    No
    No
    Alerts
    No
    No
    No
    No
    Compute
    Yes
    Yes
    Yes
    Yes
    Radar
    Yes
    Yes read-only access to data relevant to the account in account group
    Yes read-only access to data relevant to account in account group
    Yes
    Defend
    Yes
    Yes read-only access to all data
    Yes read-only access to all data
    No
    Monitor
    Yes
    Yes read-only access to data relevant to account in account group
    Yes read-only access to data relevant to account in account group
    Yes
    Manage
    Yes
    View All Logs,
    Defenders - Manage deployed to account group, Alerts - View,
    Collections and Tags - Read Only,
    Authentication - Read Only,
    System - Downloads - Jenkins Plugin and twistcli
    View All Logs,
    Defenders - Manage deployed to account group, Alerts - View,
    Collections and Tags - Read Only,
    Authentication - Read Only,
    System - Downloads - Jenkins Plugin and twistcli
    Yes
    Code Security
    No
    No
    No
    No
    Settings
    Create / View / Edit / Delete User Roles
    Read-only access to view the roles assigned for self
    Read-only access to view the roles assigned for self
    Read-only access to view the roles assigned for self
    Read-only access to view the roles assigned for self
    Add/Activate/Deactivate/Delete Access Keys
    Yes Can manage access keys for self
    Yes
    Can manage access keys for self
    Yes
    Can manage access keys for self
    Yes
    Can manage access keys for self
    Resource Lists
    No
    No
    No
    No
    Alarm Center
    No
    No
    No
    No

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2023 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo