You can build custom roles by combining
existing system roles and permissions in different ways. You can
create them by assembling a set of system permissions or by adding
or removing permissions from system roles.
updates, and deletes custom roles for an enterprise, or assigns
system and custom roles to an end user. However,
cannot delete a custom role in use.
As an administrator, you can view all the permissions and system
roles in the system on the Prisma SD-WAN web interface. You can
associate custom roles with multiple system roles, multiple system
permissions, or multiple system permissions and disallowed system
permissions. However, you cannot create a custom role with Root
as the base system role.
Construct custom roles by selecting and assembling:
A set of system permissions.
A set of system roles and system permissions.
A set of system roles and disallowed system permissions.
A set of system roles, system permissions, and disallowed
If a custom role includes more than one system permission, then
additional permissions become a part of the overall set of permissions,
even if independently specified at different times and a disallowed
permission overrides an allowed permission included through system
roles or through explicit means.