SaaS Security Administrator's Guide
    : Add SaaS Security Posture Management Administrators
    Focus
    Download PDF
    Focus
    1. Home
    2. SaaS Security
    3. SaaS Security Administrator's Guide
    4. SaaS Security Posture Management
    5. Get Started with SaaS Security Posture Management
    6. Add SaaS Security Posture Management Administrators
    Download PDF

    SaaS Security Administrator's Guide

    Add SaaS Security Posture Management Administrators

    Table of Contents

    Add SaaS Security Posture Management Administrators

    Add SSPM administrators to the Cloud Management console.
    SSPM users are managed through the Common Services: Identity and Access framework, which supports role-based access control (RBAC). By using Common Services: Identity & Access, you can add a user to the platform and assign the user to a role. A role is a set of permissions that determines what the user can access in SSPM. For example, based on the roles assigned, one administrator might have full read and write access to views and functions, while another user might have only read access. A set of predefined roles are available, and you can also create custom roles tailored to your organizational needs.

    Create a Custom Role with SSPM Permissions

    Custom roles enable you to choose the privileges associated with the role so that you can restrict access to specific pages or actions in SSPM. For example, you might have a user who needs to monitor SaaS security, but you do not want them to make any configuration changes. You also do not want them to view information about identity security. For this user, you can create a role that allows a user to view the dashboard and applications pages. This role can also prevent a user from onboarding applications and from viewing identity posture information.
    1. Log in to Strata Cloud Manager as a Super User and navigate the Identity & Access roles (SettingsIdentity & AccessRoles.
    2. Add custom admin roles through Common Services. Edit the custom roles as per your requirement available under Next-Generation CASBPosture Security.
      For each parameter within a category, choose from the following options:
      • No Access—No access to the page.
      • Read— View data on the pages, view and download reports.
      • Write—Write operations, such as adding an application, changing a application's settings, or turning monitoring on or off.
    3. Save your changes.
    4. After creating the custom admin roles, assign it to specific users.
      After creating custom admin roles, the changes are reflected in the SSPM web interface. Any actions that are not permitted for a user based on their role are grayed out.

    © 2025 Palo Alto Networks, Inc. All rights reserved.