Role Based Access Control
Learn to manage roles and permissions in the enterprise network using the Prisma SD-WAN web interface.
Prisma SD-WAN supports role based access control (RBAC) to execute network and security administration of enterprise networks through the Prisma SD-WAN web interface. Using RBAC, manage end users and their access to various resources within the Prisma SD-WAN system. Assign roles and permissions to end users to execute specific functions within a network.
Roles can be system or custom roles, which are enabled for Single Sign-On (SSO) access through an enterprise Identity Provider (IdP).
Roles
Each system role has a pre-defined set of permissions. Use the system roles as is or map them to existing user groups as defined within a customer IdP. These roles include a collection of one or more system permissions.
Custom roles are sets of permissions assembled from the available roles in the system. You create them by adding or removing permissions from a system role, or by creating them without inheriting any properties from a system-defined role. For example, you can create a network administrator role with a few permissions or modify the existing security administrator role by adding a few more system permissions to the role.
Permissions
Permissions are allowed actions in the system. Permissions represent a specific set of application programming interface (API) calls that you use to read, write, or delete objects within the system. All permissions in the system are spread across a set of system roles.
However, with the introduction of custom roles, as an administrator, you selectively allow or disallow permissions for a custom role, thereby creating a unique set of permissions for a custom role.
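The following added example (not Prisma SD-WAN code) models the role and permission relationship described above: it resolves the effective permissions of a custom role built from a system role or from scratch, and reports what the role gained or lost so an administrator can review it for least privilege. All role and permission names are constructed placeholders, and the rule that a disallowed permission overrides an allowed one is an assumption.

```python
# Constructed sample data: role and permission names are placeholders,
# not Prisma SD-WAN identifiers.
SYSTEM_ROLES = {
    "security_admin": {"policy:read", "policy:write", "policy:delete", "site:read"},
    "network_admin": {"site:read", "site:write", "site:delete", "policy:read"},
    "viewer": {"site:read", "policy:read"},
}
# Every permission in the system belongs to at least one system role.
ALL_PERMISSIONS = set().union(*SYSTEM_ROLES.values())


def resolve_custom_role(base=None, allow=(), disallow=()):
    """Effective permissions: inherited set, plus allowed, minus disallowed.

    base=None models a custom role created without inheriting from a system role.
    Assumption: a disallowed permission wins over an inherited or allowed one.
    """
    if base is not None and base not in SYSTEM_ROLES:
        raise KeyError(f"unknown system role: {base}")
    unknown = (set(allow) | set(disallow)) - ALL_PERMISSIONS
    if unknown:
        # Reject anything that is not an existing system permission.
        raise ValueError(f"not a system permission: {sorted(unknown)}")
    inherited = set(SYSTEM_ROLES[base]) if base is not None else set()
    return (inherited | set(allow)) - set(disallow)


def review_custom_role(base, effective):
    """Least-privilege review: what the custom role gained or lost versus its base."""
    inherited = SYSTEM_ROLES.get(base, set())
    gained = effective - inherited
    return {
        "gained": sorted(gained),
        "removed": sorted(inherited - effective),
        # Write and delete grants beyond the base role deserve a second look.
        "gained_mutating": sorted(p for p in gained if not p.endswith(":read")),
    }


if __name__ == "__main__":
    perms = resolve_custom_role(
        "security_admin", allow={"site:write"}, disallow={"policy:delete"}
    )
    print(sorted(perms))
    print(review_custom_role("security_admin", perms))
```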