Role Based Access Control

Learn to manage roles and permissions in the enterprise network using the Prisma SD-WAN web interface.
Prisma SD-WAN
supports role based access control (RBAC) to execute network and security administration of enterprise networks through the
Prisma SD-WAN
web interface. Using RBAC, manage end users and their access to various resources within the Prisma SD-WAN system. Assign roles and permissions to end users to execute specific functions within a network.
Roles can be system or custom roles, which are enabled for Single Sign-On (SSO) access through an enterprise Identity Provider (IdP).


System roles are a pre-defined set of permissions for each role. Use the system roles as is or map to existing user groups as defined within a customer IdP. These roles include a collection of one or more system permissions.
Custom roles are assembled set of permissions from the available roles in the system. You create them by adding or removing permissions from a system role or creating them without inheriting any properties from a system defined role. For example, you can create a network administrator role with a few permissions or modify the existing security administrator role by adding a few more system permissions to the role.


Permissions are allowed actions in the system. Permissions represent a specific set of application programming interface (API) calls that you use to read, write, or delete objects within the system. All permissions in the system are spread across a set of system roles.
However, with the introduction of custom roles, as an administrator, you selectively allow or disallow permissions for a custom role, thereby, creating a unique set of permissions for a custom role.

Recommended For You