Custom Roles

You can build custom roles by combining existing system roles and permissions in different ways. You can create them by assembling a set of system permissions or by adding or removing permissions from system roles.
An
IAM administrator
or a
Super Administrator
creates, updates, and deletes custom roles for an enterprise, or assigns system and custom roles to an end user. However,
Super Administrator
or
IAM administrator
cannot delete a custom role in use.
As an administrator, you can view all the permissions and system roles in the system on the Prisma SD-WAN web interface. You can associate custom roles with multiple system roles, multiple system permissions, or multiple system permissions and disallowed system permissions. However, you cannot create a custom role with Root as the base system role.
Construct custom roles by selecting and assembling:
  • A set of system permissions.
  • A set of system roles and system permissions.
  • A set of system roles and disallowed system permissions.
  • A set of system roles, system permissions, and disallowed system permissions.
If a custom role includes more than one system permission, then additional permissions become a part of the overall set of permissions, even if independently specified at different times and a disallowed permission overrides an allowed permission included through system roles or through explicit means.

Recommended For You