>
    Strata Copilot
    Enable Role Based Access to SaaS Agent Security
    Focus
    Download PDF
    Focus
    1. Home
    2. SaaS Agent Security
    3. Enable Role Based Access to SaaS Agent Security
    Download PDF
    SaaS Agent Security

    Enable Role Based Access to SaaS Agent Security

    Table of Contents

    Enable Role Based Access to SaaS Agent Security

    Enable role-based access to SaaS Agent Security.
    Where Can I Use This?What Do I Need?
    • Strata Cloud Manager
    • SaaS Agent Security license
    Or any of the following licenses that include the SaaS Agent Security license:
    • CASB-X
    • CASB-PA
    • SaaS Security Posture Management license
    Role-Based Access Control (RBAC) is a security mechanism that restricts system access to authorized users based on their roles within an organization. For the SaaS Agent Security feature, RBAC is implemented to ensure a clear and secure method for granting user access, aligning with domain-specific responsibilities without requiring global super administrator privileges. This approach leverages existing predefined roles within the Strata Cloud Manager, avoiding the need to create new and custom roles.
    Configure role-based access to SaaS Agent Security by assigning a predefined role to your security administrators. The predefined roles you assign to your security administrators define which parts of SaaS Agent Security they have full or partial read and write access privileges. Review the table below to understand the predefined roles that grant role-based access to SaaS Agent Security. This information pertains only to access privileges specific to SaaS Agent Security. For detailed information about all predefined roles and what other access privileges they grant, review the Roles and Permissions.

    Add Predefined Role Based Access to SaaS Agent Security

    1. Use one of the various ways to access Identity & Access.
    2. (New admins only) Add Access to your tenant where SaaS Agent Security is active.
      This step is required only if the user for which you’re granting SaaS Agent Security access isn't already registered with the Palo Alto Networks Customer Support Portal (CSP).
    3. Assign any of the following predefined role-based access to SaaS Agent Security users.
      Predefined Role
      Permissions
      • Superuser
      • Data Security Administrator
      • Posture Security Administrator
      • MSP Superuser
      • SOC Analyst
      Permissions
      View Only Administrator
      Permissions

    Add Custom Role Based Access to SaaS Agent Security

    1. Use one of the various ways to access Identity & Access.
    2. (New admins only) Add Access to your tenant where SaaS Agent Security is active.
      This step is required only if the user for which you’re granting SaaS Agent Security access isn't already registered with the Palo Alto Networks Customer Support Portal (CSP).
    3. Select RolesCustom Roles and add a custom role.
      For SaaS Agent Security, the permissions and their corresponding descriptions are given in the following table:
      Permissions
      Description
      Agent Security
      Grant access (read/write) to Agent Security as a whole.
      Dashboard
      Grant access (read/write) to view Agent Platforms and their details.
      Identity Management
      Requires at least read access to Dashboard
      Grant access (read/write) to manage identities for AI Agents and their connected apps.
      Recommendations
      Requires at least read access to Dashboard
      Grant access (read/write) to manage Agent Risks and Recommendations.
      Remediation Actions
      Requires at least read access to Recommendations and Dashboard
      Grant access (read/write) to view and perform Automatic Remediation of risky AI Agents and/or their connected components.
      Ticket Management
      Requires at least read access to Recommendations and Dashboard
      Grant access (read/write) to manage tickets (to your integrated JIRA or Service Now instance) from Agent Security.
      Agent Platform Onboarding
      Grant access (read/write) to perform onboarding of one or more Agent Platforms and view their onboarding status.
    4. Assign the custom role you created to specific SaaS Agent Security users as per your need and Submit.

    © 2026 Palo Alto Networks, Inc. All rights reserved.