>
    System Roles
    Focus
    Download PDF
    Focus
    1. Home
    2. Prisma
    3. Prisma SD-WAN
    4. Prisma SD-WAN Administrator Authorization and Authentication
    5. Role Based Access Control
    6. System Roles
    Download PDF

    System Roles

    Table of Contents

    System Roles

    Learn about the pre-defined system roles in Prisma SD-WAN.
    Where Can I Use This?What Do I Need?
    • Prisma SD-WAN
    • Active Prisma SD-WAN license
    Prisma SD-WAN provides system roles with a pre-defined set of permissions. The table below describes Prisma SD-WAN system roles and responsibilities.
    Prisma SD-WAN RolesPrisma SD-WAN Groups defined in a Customer IdP SystemResponsibilities
    Root (tenant_root)cloudgenix_tenant_root
    Role assigned to a single user who has complete control over all aspects of a customer account. A root user is a fall back user account and not used for regular day-to-day access, administration, or management.
    Super Administrator (tenant_super_admin)cloudgenix_tenant_super
    A user with super administrator privileges to manage other user accounts and all aspects of the network. A Super administrator performs all the configuration tasks allowed by the IAM Administrator, Network Administrator, and Security Administrator roles.
    IAM Administrator (tenant_iam_admin)cloudgenix_tenant_iam_admin
    A user with IAM privileges to manage other user accounts. An IAM Administrator creates, deletes, edits users and/or roles.
    Network Administrator (tenant_network_admin)cloudgenix_tenant_network_admin
    A user with network administrator privileges to manage all aspects of the network. A network administrator does not have permissions to manage security features or functions. A network administrator performs the following configuration and monitoring functions:
    • Create, delete, edit sites.
    • Claim, declaim, assign device.
    • Configure the interface.
    • Create, delete, edit network policies.
    • Assign or un-assign network policies to sites.
    • Create, delete, edit network policy rules.
    • Create, delete, edit custom application definitions.
    • Create, delete, edit prefix filters.
    • Configure BGP and other routing objects like route maps, AS path lists, prefix filters.
    • Configure SNMP, Syslog, DNS service, IPFIX, and IP community lists on data center and branch device,
    • Monitor security flows.
    • Monitor traffic utilization through network and application performance activity charts.
    Security Administrator (tenant_security_admin)cloudgenix_tenant_security_admin
    A user with security administrator privileges to manage security aspects of the network. A security administrator does not have permissions to manage a network.A security administrator performs the following configuration and monitoring functions:
    • Create, delete, edit security zones.
    • Bind or unbind zones to sites.
    • Create, delete, edit security rules.
    • Bind or unbind security policies to sites.
    • Monitor security flows.
    • Monitor traffic utilization through network and application performance activity charts.
    View-only User (tenant_viewonly)cloudgenix_tenant_viewonly
    One or more user accounts with read-only privilege to view network configuration and analytics. This user cannot edit or create any features and functions in the network. A view-only user may view the following:
    • View device/interface configuration.
    • View network policies.
    • View security policies.
    • View system and custom applications.
    • View prefix filters.
    • Monitor security flows.
    • Monitor traffic utilization through network and application performance activity chart.

    © 2024 Palo Alto Networks, Inc. All rights reserved.