Prisma Cloud Administrator Permissions

View a list of the access privileges associated with each Prisma Cloud role.
The following tables list the access privileges associated with each role for different parts of the Prisma Cloud administrative console.
See Prisma Cloud Administrator Roles for details on how to create roles and assign access to account groups or repositories to designate what a user is allowed to view, and for details on permissions for Prisma Cloud Compute Roles.

Permission Groups that Enable Access to All Areas of the Prisma Cloud Administrative Console

| PRISMA CLOUD ROLE | SYSTEM ADMIN | ACCOUNT GROUP ADMIN | CLOUD PROVISIONING ADMIN | ACCOUNT AND CLOUD PROVISIONING ADMIN | BUILD AND DEPLOY SECURITY | ACCOUNT GROUP READ ONLY | DEVELOPER |
|---|---|---|---|---|---|---|---|
| Dashboard | All accounts | Designated accounts | No | Designated accounts | No | Designated accounts | No |
| Home | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| Inventory | All accounts | Designated accounts | No | Designated accounts | No | Designated accounts | No |
| Save Asset Filter(s) | All accounts | Designated accounts | No | Designated accounts | No | Designated accounts | No |
| Delete Asset Filter(s) | Yes | Users in this role | No | Users in this role | No | Users in this role | No |
| **Investigate** | | | | | | | |
| Running Queries | All accounts | Designated accounts | No | Designated accounts | No | Designated accounts | No |
| Save Searches | All accounts | Designated accounts | No | Designated accounts | No | Designated accounts | No |
| Edit / Delete Saved Search | Yes | Users in this role | No | Users in this role | No | Users in this role | No |
| **Policies** | | | | | | | |
| View Policy | Yes | Yes | No | Yes | No | Yes | No |
| Create Policy | Yes | Yes | No | Yes | No | No | No |
| Add/Edit CLI Remediation in Policy | Yes | No | No | No | No | No | No |
| Edit / Delete / Disable Policy | Yes | Users in this role | No | Users in this role | No | No | No |
| **Compliance** | | | | | | | |
| Compliance Dashboard | All accounts | Designated accounts | No | Designated accounts | No | Designated accounts | No |
| Create / Edit Reports | All accounts | Designated accounts | No | Designated accounts | No | Designated accounts | No |
| Download Reports | All accounts | Designated accounts | No | Designated accounts | No | Designated accounts | No |
| Delete Reports | All accounts | Designated accounts | No | Designated accounts | No | Users in this role | No |
| Create / Edit / Delete Compliance Standards | Yes | No | No | No | No | No | No |
| View Compliance Standards | Yes | Yes | No | Yes | No | Yes | No |
| Save Compliance Filter(s) | All accounts | Designated accounts | No | Designated accounts | No | Designated accounts | No |
| Delete Compliance Filter(s) | Yes | Users in this role | No | Users in this role | No | Users in this role | No |
| **Adoption Advisor** | | | | | | | |
| Adoption Advisor Console | Yes | No | No | No | No | No | No |
| Create / Edit Reports | Yes | No | No | No | No | No | No |
| Download Reports | Yes | No | No | No | No | No | No |
| Delete Reports | Yes | No | No | No | No | No | No |
| **Alerts** | | | | | | | |
| View / Search Alerts | All accounts | Designated accounts | No | Designated accounts | No | Designated accounts | No |
| Dismiss / Resolve / Snooze Alerts | All accounts | Designated accounts | No | Designated accounts | No | No | No |
| Save Alert Filter(s) | All accounts | Designated accounts | No | Designated accounts | No | Designated accounts | No |
| Delete Alert Filter(s) | Yes | Users in this role | No | Users in this role | No | Users in this role | No |
| Create Report | All accounts | Designated accounts | No | Designated accounts | No | Designated accounts | No |
| Download Reports | All accounts | Designated accounts | No | Designated accounts | No | Designated accounts | No |
| Delete Reports | All accounts | Designated accounts | No | Designated accounts | No | Designated accounts | No |
| View Alert Rules | All accounts | Designated accounts | No | Designated accounts | No | Designated accounts | No |
| Create / Edit / Delete / Disable Alert Rules | All accounts | Designated accounts | No | Designated accounts | No | No | No |
| View Notification Templates | Yes | Yes | No | Yes | No | Yes | No |
| Create / Edit / Delete Notification Templates | Yes | No | No | Yes | No | No | No |
| Compute | Yes | Yes - Auditor | Yes - Defender Manager | Yes - Auditor | Yes - DevOps Access to the APIs for running IDE, SCM, and CI plugins for IaC and Vuln scanning | Yes - DevSecOps User | No |
| Radar | Yes | Yes, read-only access to data relevant to the account in account group | No | Yes, read-only access to data relevant to account in account group | No | Yes | No |
| Defend | Yes | Yes, read-only access to all data | No | Yes, read-only access to all data | Defend Vulnerabilities/Compliance | Defend Vulnerabilities/Compliance | No |
| Monitor | Yes | Yes, read-only access to data relevant to account in account group | No | Yes, read-only access to data relevant to account in account group | Monitor Vulnerabilities/Compliance but only CI tab under Images/Functions | Yes | No |
| Manage | Yes | View All Logs, Defenders - Manage deployed to account group, Alerts - View, Collections and Tags - Read Only, Authentication - Read Only, System Utilities, such as the Jenkins Plugin and twistcli, path to console, and API token | Defenders - Manage current defenders and deploy new ones, Authentication - view user certificates, System Utilities, such as the Jenkins Plugin and twistcli, path to console, and API token | View All Logs, Defenders - Manage deployed to account group, Alerts - View, Collections and Tags - Read Only, Authentication - Read Only, System Utilities, such as the Jenkins Plugin and twistcli, path to console, and API token | System - Download Utilities, such as the Jenkins Plugin and twistcli, path to console, and API token | System Utilities, such as the Jenkins Plugin and twistcli, path to console, and API token | No |
| **Application Security** | | | | | | | |
| View Scan Results in Projects, Development Pipelines, and Supply Chain Graph | All repositories | Designated repositories | No | Designated repositories | No | Designated repositories | Designated repositories |
| Suppress and Submit Changes to repositories | All repositories | Designated repositories | No | Designated repositories | No | No | No |
| Fix and Submit Changes to repositories | All repositories | Designated repositories | No | Designated repositories | No | No | Yes |
| View/Edit Filters | All repositories | Designated repositories | No | No | No | Designated repositories | Designated repositories |
| View Resource Details and Resource History | All repositories | Designated repositories | No | No | No | Designated repositories | Designated repositories |
| View Open in Git | All repositories | Designated repositories | No | No | No | Designated repositories | Designated repositories |
| View Merge PR | All repositories | Designated repositories | No | No | No | Designated repositories | Designated repositories |
| Development Pipelines: Projects and Code Reviews | All repositories | Designated repositories | Designated repositories | Designated repositories | No | No; Designated repositories for Code Reviews | No; Designated repositories for Code Reviews |
| Enforcement: View and Add Exceptions | All repositories | All repositories | All repositories | Designated repositories | All repositories | All repositories | Designated repositories |
| Edit Enforcement | All repositories | All repositories | All repositories | Designated repositories | No | No | No |
| Supply Chain | All repositories | All repositories | All repositories | Designated repositories | No | No | Designated repositories |
| **Settings** | | | | | | | |
| View Accounts | All accounts | Designated accounts | Designated accounts | Designated accounts | No | Designated accounts | No |
| View Account Details | Yes | No | Yes | Yes | No | No | No |
| Create / Edit / Delete / Disable Accounts | Yes | No | Yes | Yes | No | No | No |
| View Account Groups | All accounts | Designated accounts | Designated accounts | Designated accounts | No | Designated accounts | No |
| Create / Edit / Delete Account Groups | Yes | No | Yes | Yes | No | No | No |
| Create / View / Edit / Delete User Roles | Yes | Read-only access to view the roles assigned for self | Read-only access to view the roles assigned for self | Read-only access to view the roles assigned for self | Read-only access to view the roles assigned for self | Read-only access to view the roles assigned for self | Read-only access to view the roles assigned for self |
| Create / View / Edit / Delete / Disable Users | Yes | No | No | No | No | No | No |
| Add/Activate/Deactivate/Delete Access Keys | Yes | Yes | Yes | Yes | Yes | Yes | Yes |
| View Repositories | Yes | Designated repositories | No | Designated repositories | No | Designated repositories | Designated repositories |
| Add/Update Repositories | Yes | No | No | Yes | No | No | No |
| Delete Repositories | Yes | No | No | Designated repositories | No | No | No |
| Edit / Update Application Security Configuration | Yes | No | No | No | No | No | No |
| View / Edit SSO Settings | Yes | No | No | No | No | No | No |
| Create / View / Edit / Delete / Disable Integrations | Yes | No | No | No | No | No | No |
| View/Edit Trusted IP Addresses | Yes | No | No | No | No | No | No |
| View License Information and Credit Allocation | Yes | No | No | No | No | No | No |
| View Prisma Cloud Audit Logs | Yes | No | No | No | No | No | No |
| View/Edit Anomaly Settings > Alerts and Thresholds | Yes | No | No | No | No | No | No |
| View/Edit Anomaly Settings > Anomaly Trusted List | Yes | Yes, can manage trusted list entries only for self | No | Yes, can manage trusted list entries only for self | No | No | No |
| View/Edit Enterprise Settings | Yes | No | No | No | No | No | No |
| Alarm Center | Yes | Yes | No | No | No | No | No |
| **Resource Lists** | | | | | | | |
| Create Resource List | Yes | Yes, with the exception of Compute Access Group | No | Yes, with the exception of Compute Access Group | No | No | No |
| Update Resource List | Yes | Yes, Designated Resource Lists | No | Yes, Designated Resource Lists | No | Yes, Designated Resource Lists | No |
| Delete Resource List | Yes | No | No | No | No | No | No |
| View Resource Lists | Yes | Yes, Designated Resource Lists | No | Yes, Designated Resource Lists | Yes, Designated Resource Lists | Yes, Designated Resource Lists | No |

Permission Groups that Enable Compute Access Only

| PRISMA CLOUD ROLE | SYSTEM ADMIN WITH COMPUTE ACCESS ONLY | ACCOUNT GROUP ADMIN WITH COMPUTE ACCESS ONLY | ACCOUNT AND CLOUD PROVISIONING ADMIN WITH COMPUTE ACCESS ONLY | ACCOUNT GROUP READ ONLY WITH COMPUTE ACCESS ONLY |
|---|---|---|---|---|
| Dashboard | No | No | No | No |
| Home | Yes | Yes | Yes | Yes |
| Inventory | No | No | No | No |
| Save Asset Filter(s) | No | No | No | No |
| Delete Asset Filter(s) | No | No | No | No |
| Investigate | No | No | No | No |
| Policies | No | No | No | No |
| Compliance | No | No | No | No |
| Alerts | No | No | No | No |
| Compute | Yes | Yes | Yes | Yes |
| Radar | Yes | Yes, read-only access to data relevant to the account in account group | Yes, read-only access to data relevant to account in account group | Yes |
| Defend | Yes | Yes, read-only access to all data | Yes, read-only access to all data | No |
| Monitor | Yes | Yes, read-only access to data relevant to account in account group | Yes, read-only access to data relevant to account in account group | Yes |
| Manage | Yes | View All Logs, Defenders - Manage deployed to account group, Alerts - View, Collections and Tags - Read Only, Authentication - Read Only, System - Downloads - Jenkins Plugin and twistcli | View All Logs, Defenders - Manage deployed to account group, Alerts - View, Collections and Tags - Read Only, Authentication - Read Only, System - Downloads - Jenkins Plugin and twistcli | Yes |
| Application Security | No | No | No | No |
| **Settings** | | | | |
| Create / View / Edit / Delete User Roles | Read-only access to view the roles assigned for self | Read-only access to view the roles assigned for self | Read-only access to view the roles assigned for self | Read-only access to view the roles assigned for self |
| Add/Activate/Deactivate/Delete Access Keys | Yes, can manage access keys for self | Yes, can manage access keys for self | Yes, can manage access keys for self | Yes, can manage access keys for self |
| Resource Lists | No | No | No | No |
| Alarm Center | No | No | No | No |
