Focus
Focus
Table of Contents

Custom Roles

Learn to build custom roles by combining existing roles and permissions in different ways. Custom roles only include allowed system roles and permissions for the respective enterprise.
You can build custom roles by combining existing system roles and permissions in different ways. You can create them by assembling a set of system permissions or by adding or removing permissions from system roles. Custom roles only include allowed system roles and permissions for the respective enterprise.
An
IAM administrator
or a
Super Administrator
creates, updates, and deletes custom roles for an enterprise, or assigns system and custom roles to an end user. However,
Super Administrator
or
IAM administrator
cannot delete a custom role in use.
As an administrator, you can view all the permissions and system roles in the system on the
Prisma SD-WAN
web interface. You can associate custom roles with multiple system roles, multiple system permissions, or multiple system permissions and disallowed system permissions. However, you cannot create a custom role with Root as the base system role.
Construct custom roles by selecting and assembling:
  • A set of system permissions.
  • A set of system roles and system permissions.
  • A set of system roles and disallowed system permissions.
  • A set of system roles, system permissions, and disallowed system permissions.
If a custom role includes more than one system permission, then additional permissions become a part of the overall set of permissions, even if independently specified at different times and a disallowed permission overrides an allowed permission included through system roles or through explicit means.

Recommended For You