System Roles

Prisma SD-WAN provides system roles with a pre-defined set of permissions. The table below describes Prisma SD-WAN system roles and responsibilities.
Prisma SD-WAN Roles
Prisma SD-WAN Groups defined in a Customer IdP System
Responsibilities
Root (tenant_root)
cloudgenix_tenant_root
Role assigned to a single user who has complete control over all aspects of a customer account. A root user is a fall back user account and not used for regular day-to-day access, administration, or management.
Super Administrator (tenant_super_admin)
cloudgenix_tenant_super
A user with super administrator privileges to manage other user accounts and all aspects of the network. A Super administrator performs all the configuration tasks allowed by the IAM Administrator, Network Administrator, and Security Administrator roles.
IAM Administrator (tenant_iam_admin)
cloudgenix_tenant_iam_admin
A user with IAM privileges to manage other user accounts. An IAM Administrator creates, deletes, edits users and/or roles.
Network Administrator (tenant_network_admin)
cloudgenix_tenant_network_admin
A user with network administrator privileges to manage all aspects of the network. A network administrator does not have permissions to manage security features or functions. A network administrator performs the following configuration and monitoring functions:
  • Create, delete, edit sites.
  • Claim, declaim, assign device.
  • Configure the interface.
  • Create, delete, edit network policies.
  • Assign or un-assign network policies to sites.
  • Create, delete, edit network policy rules.
  • Create, delete, edit custom application definitions.
  • Create, delete, edit prefix filters.
  • Configure BGP and other routing objects like route maps, AS path lists, prefix filters.
  • Configure SNMP, Syslog, DNS service, IPFIX, and IP community lists on data center and branch device,
  • Monitor security flows.
  • Monitor traffic utilization through network and application performance activity charts.
Security Administrator (tenant_security_admin)
cloudgenix_tenant_security_admin
A user with security administrator privileges to manage security aspects of the network. A security administrator does not have permissions to manage a network.A security administrator performs the following configuration and monitoring functions:
  • Create, delete, edit security zones.
  • Bind or unbind zones to sites.
  • Create, delete, edit security rules.
  • Bind or unbind security policies to sites.
  • Monitor security flows.
  • Monitor traffic utilization through network and application performance activity charts.
View-only User (tenant_viewonly)
cloudgenix_tenant_viewonly
One or more user accounts with read-only privilege to view network configuration and analytics. This user cannot edit or create any features and functions in the network. A view-only user may view the following:
  • View device/interface configuration.
  • View network policies.
  • View security policies.
  • View system and custom applications.
  • View prefix filters.
  • Monitor security flows.
  • Monitor traffic utilization through network and application performance activity chart.

Recommended For You