Prisma Cloud Administrator Permissions

View a list of the access privileges associated with each Prisma Cloud role
The following tables provides a list of the access privileges associated with each role for different parts of the Prisma Cloud administrative console.
For details on permissions for Prisma Cloud Compute roles, see Prisma Cloud Compute roles.
Roles that enable access to all areas of the Prisma Cloud administrative console
Compute Role
Prisma Cloud Role
Sys Admin
System Admin
Auditor
Account Group Admin
Defender Manager
Cloud Provisioning Admin
Auditor
Account and Cloud Provisioning Admin
DevOps
Build and Deploy Security
CI
Build and Deploy Security
DevSecOps
Account Group Read Only
Dashboard
All accounts
Designated accounts
No
Designated accounts
No
No
Designated accounts
Inventory
All accounts
Designated accounts
No
Designated accounts
No
No
Designated accounts
Save Asset filter(s)
All accounts
Designated accounts
No
Designated accounts
No
No
Designated Accounts
Delete Asset Filter(s)
Yes
Users in this role
No
Users in this role
No
No
Users in this role
Investigate
Running Queries
All accounts
Designated accounts
No
Designated accounts
No
No
Designated accounts
Save Searches
All accounts
Designated accounts
No
Designated accounts
No
No
Designated accounts
Edit / Delete Saved Search
Yes
Users in this role
No
Users in this role
No
No
Users in this role
Policies
View Policy
Yes
Yes
No
Yes
No
No
Yes
Create Policy
Yes
Yes
No
Yes
No
No
No
Add/Edit CLI Remediation in Policy
Yes
No
No
No
No
No
No
Edit / Delete / Disable Policy
Yes
Users in this role
No
Users in this role
No
No
No
Compliance
Compliance Dashboard
All accounts
Designated accounts
No
Designated accounts
No
No
Designated accounts
Create / Edit Reports
All accounts
Designated accounts
No
Designated accounts
No
No
Designated accounts
Download Reports
All accounts
Designated accounts
No
Designated accounts
No
No
Designated accounts
Delete Reports
All accounts
Designated accounts
No
Designated accounts
No
No
Users in this role
Create / Edit / Delete Compliance Standards
Yes
No
No
No
No
No
No
View Compliance Standards
Yes
Yes
No
Yes
No
No
Yes
Save Compliance Filter(s)
All accounts
Designated accounts
No
Designated accounts
No
No
Designated Accounts
Delete Compliance Filter(s)
Yes
Users in this role
No
Users in this role
No
No
Users in this role
Alerts
View / Search Alerts
All accounts
Designated accounts
No
Designated accounts
No
No
Designated accounts
Dismiss / Resolve / Snooze Alerts
All accounts
Designated accounts
No
Designated accounts
No
No
No
Save Alert Filter(s)
All accounts
Designated accounts
No
Designated accounts
No
No
Designated Accounts
Delete Alert Filter(s)
Yes
Users in this role
No
Users in this role
No
No
Users in this role
Create Report
All accounts
Designated accounts
No
Designated accounts
No
No
Designated Accounts
Download Reports
All accounts
Designated accounts
No
Designated accounts
No
No
Designated accounts
Delete Reports
All accounts
Designated accounts
No
Designated accounts
No
No
Designated Accounts
View Alert Rules
All accounts
Designated accounts
No
Designated accounts
No
No
Designated accounts
Create / Edit / Delete / Disable Alert Rules
All accounts
Designated accounts
No
Designated accounts
No
No
No
View Notification Templates
Yes
Yes
No
Yes
No
No
Yes
Create / Edit / Delete Notification Templates
Yes
No
No
Yes
No
No
No
Compute
Yes
Yes - Auditor
Yes - Defender Manager
Yes - Auditor
Yes - DevOps
No
Access to the APIs for running IDE, SCM, and CI plugins for IaC and Vuln scanning
Yes- DevSecOps User
Radar
Yes
Yes read-only access to data relevant to the account in account group
No
Yes read-only access to data relevant to account in account group
No
No
Yes
Defend
Yes
Yes read-only access to all data
No
Yes read-only access to all data
Defend Vulnerabilities/Compliance
No
Defend Vulnerabilities/Compliance
Monitor
Yes
Yes read-only access to data relevant to account in account group
No
Yes read-only access to data relevant to account in account group
Monitor Vulnerabilities/Compliance but only CI tab under Images/Functions
No
Yes
Manage
Yes
View All Logs, Defenders - Manage deployed to account group, Alerts - View, Collections and Tags - Read Only, Authentication - Read Only, System Utilities, such as the Jenkins Plugin and twistcli, path to console, and API token
Defenders - Manage current defenders and deploy new ones, Authentication - view user certificates, System Utilities, such as the Jenkins Plugin and twistcli, path to console, and API token
View All Logs, Defenders - Manage deployed to account group, Alerts - View, Collections and Tags - Read Only, Authentication - Read Only, System Utilities, such as the Jenkins Plugin and twistcli, path to console, and API token
System - Download Utilities, such as the Jenkins Plugin and twistcli, path to console, and API token
No
System Utilities, such as the Jenkins Plugin and twistcli, path to console, and API token
Settings
View Accounts
All accounts
Designated accounts
Designated accounts
Designated accounts
No
No
Designated accounts
View Account Details
Yes
No
Yes
Yes
No
No
No
Create / Edit / Delete / Disable Accounts
Yes
No
Yes
Yes
No
No
No
View Account Groups
All accounts
Designated accounts
Designated accounts
Designated accounts
No
No
Designated accounts
Create / Edit / Delete Account Groups
Yes
No
Yes
Yes
No
No
No
Create / View / Edit / Delete User Roles
Yes
Read-only access to view the roles assigned for self
Read-only access to view the roles assigned for self
Read-only access to view the roles assigned for self
Read-only access to view the roles assigned for self
Read-only access to view the roles assigned for self
Read-only access to view the roles assigned for self
Create / View / Edit / Delete / Disable Users
Yes
No
No
No
No
No
No
Add/Activate/Deactivate/Delete Access Keys
Yes; Can manage access keys for other roles also.
Yes
Can manage access keys for self
Yes
Can manage access keys for self
Yes
Can manage access keys for self
Yes
Can manage one access key for self
Yes
Can manage one access key for self
Yes
Can manage one access key for self
View / Edit SSO Settings
Yes
No
No
No
No
No
No
Create / View / Edit / Delete / Disable Integrations
Yes
No
No
No
No
No
No
View/Edit Trusted IP Addresses
Yes
No
No
No
No
No
No
View Licensing Info
Yes
No
No
No
No
No
No
View Prisma Cloud Audit Logs
Yes
No
No
No
No
No
No
View/Edit Anomaly Settings > Alerts and Thresholds
Yes
No
No
No
No
No
No
View/Edit Anomaly Settings > Anomaly Trusted List
Yes
Yes
Can manage trusted list entries only for self
No
Yes
Can manage trusted list entries only for self
No
No
No
View/Edit Enterprise Settings
Yes
No
No
No
No
No
No
Resource Lists
Create Resource List
Yes
Yes
No
Yes
No
No
No
Update Resource List
Yes
Yes, Designated Resource Lists
No
Yes, Designated Resource Lists
No
No
Yes, Designated Resource Lists
Delete Resource List
Yes
No
No
No
No
No
No
View Resource Lists
Yes
Yes, Designated Resource Lists
No
Yes, Designated Resource Lists
Yes, Designated Resource Lists
No
Yes, Designated Resource Lists
Roles that enable Compute Access only
Compute Role
Prisma Cloud Role
System Admin (Only allow compute access)
System Admin with Compute Access Only
Auditor
Account Group Admin with Compute Access Only
Auditor
Account and Cloud Provisioning Admin with Compute Access Only
DevSecOps
Account Group Read only with Compute Access only
Dashboard
No
No
No
No
Inventory
No
No
No
No
Save Asset filter(s)
No
No
No
No
Delete Asset Filter(s)
No
No
No
No
Investigate
Running Queries
No
No
No
No
Save Searches
No
No
No
No
Edit / Delete Saved Search
No
No
No
No
Policies
View Policy
No
No
No
No
Create Policy
No
No
No
No
Add/Edit CLI Remediation in Policy
No
No
No
No
Edit / Delete / Disable Policy
No
No
No
No
Compliance
Compliance Dashboard
No
No
No
No
Create / Edit Reports
No
No
No
No
Download Reports
No
No
No
No
Delete Reports
No
No
No
No
Create / Edit / Delete Compliance Standards
No
No
No
No
View Compliance Standards
No
No
No
No
Save Compliance Filter(s)
No
No
No
No
Delete Compliance Filter(s)
No
No
No
No
Alerts
View / Search Alerts
No
No
No
No
Dismiss / Resolve / Snooze Alerts
No
No
No
No
Save Alert Filter(s)
No
No
No
No
Delete Alert Filter(s)
No
No
No
No
Create Report
No
No
No
No
Download Reports
No
No
No
No
Delete Reports
No
No
No
No
View Alert Rules
No
No
No
No
Create / Edit / Delete / Disable Alert Rules
No
No
No
No
View Notification Templates
No
No
No
No
Create / Edit / Delete Notification Templates
No
No
No
No
Compute
Yes
Yes - Auditor
Yes - Auditor
Yes- DevSecOps User
Radar
Yes
Yes read-only access to data relevant to the account in account group
Yes read-only access to data relevant to account in account group
Yes
Defend
Yes
Yes read-only access to all data
Yes read-only access to all data
No
Monitor
Yes
Yes read-only access to data relevant to account in account group
Yes read-only access to data relevant to account in account group
Yes
Manage
Yes
View All Logs, Defenders - Manage deployed to account group, Alerts - View, Collections and Tags - Read Only, Authentication - Read Only, System - Downloads - Jenkins Plugin and twistcli
View All Logs, Defenders - Manage deployed to account group, Alerts - View, Collections and Tags - Read Only, Authentication - Read Only, System - Downloads - Jenkins Plugin and twistcli, path to console
Yes
Settings
View Accounts
No
No
No
No
View Account Details
No
No
No
No
Create / Edit / Delete / Disable Accounts
No
No
No
No
View Account Groups
No
No
No
No
Create / Edit / Delete Account Groups
No
No
No
No
Create / View / Edit / Delete User Roles
Read-only access to view the roles assigned for self
Read-only access to view the roles assigned for self
Read-only access to view the roles assigned for self
Read-only access to view the roles assigned for self
Create / View / Edit / Delete / Disable Users
No
No
No
No
Add/Activate/Deactivate/Delete Access Keys
Yes
Can manage access keys for self
Yes
Can manage access keys for self
Yes
Can manage access keys for self
Yes
Can manage access keys for self
View / Edit SSO Settings
No
No
No
No
Create / View / Edit / Delete / Disable Integrations
No
No
No
No
View/Edit Trusted IP Addresses
No
No
No
No
View Licensing Info
No
No
No
No
View Prisma Cloud Audit Logs
No
No
No
No
View/Edit Anomaly Settings
No
No
No
No
View/Edit Enterprise Settings
No
No
No
No
Resource Lists
Create Resource List
No
No
No
No
Update Resource List
No
No
No
No
Delete Resource List
No
No
No
No
View Resource Lists
No
No
No
No

Recommended For You