>
    Strata Copilot
    User Roles for Strata Logging Service
    Focus
    Download PDF
    Focus
    1. Home
    2. Strata Logging Service
    3. Strata Logging Service Administration
    4. Introduction to Strata Logging Service
    5. User Roles for Strata Logging Service
    Download PDF
    Strata Logging Service

    User Roles for Strata Logging Service

    Table of Contents

    User Roles for Strata Logging Service

    Learn about Strata Logging Service user roles.
    Where Can I Use This?What Do I Need?
    • Prisma Access (Managed by Strata Cloud Manager)
    • Prisma Access (Managed by Panorama)
    • NGFW (Managed by PAN-OS or Panorama)
    • NGFW (Managed by Strata Cloud Manager)
    • Strata Logging Service license
    The way that you assign roles for Strata Logging Service depends on the status of your transition to the Prisma™ SASE Platform.
    Newly ActivatedTransitioned to a Tenant Service GroupPre-Transition
    If you activated Strata Logging Service with Prisma Access or another product after August 2022, then you're using Identity & Access on the Prisma SASE Platform for license and role management. Rather than read this topic any further, go to Common Services: Identity & Access to see how to manage roles with Prisma SASE. Was your Strata Logging Service instance recently transitioned to a tenant service group (TSG)? If so, there's a new way to manage administrator roles and access using Identity & Access. To learn more, see Common Services: Identity & Access Did you activate Strata Logging Service before August 2022? You should have already received information about the transition of your Strata Logging Service instance. You'll receive an email when it's time for you to transition. Until your transition is complete, continue to manage roles using the information below.
    Role-based access control (RBAC) enables you to assign privileges and access rights to administrative users through role assignment. You create user accounts in the Customer Support Portal (CSP), assign them roles in the hub, and limit the data and functionality they can access by site in the Strata Logging Service app.
    Strata Logging Service supports the following user roles:
    • App Administrator
    • Instance Administrator
    • Log Viewer Admin
    The App Administrator and Instance Administrator are common roles that are available to every Palo Alto Networks app. To learn more about them, see Available Roles.
    For Strata Logging Service instances that are transitioned to TSG, support the following user roles. Refer here for information about permissions for these user roles:
    • Multitenant Superuser
    • SOC Analyst
    • Superuser
    • View Only Administrator
    The only user role specifically for Strata Logging Service is Log Viewer Admin. The permissions for this role is same as for the SOC Analyst user role.
    Note that custom roles are not supported for Strata Logging Service.
    User Role Role DefinitionAccess Control
    Log Viewer Admin
    Same permissions as SOC Analyst. You can only view and export data in the Explore tab of the Strata Logging Service app or in the Log Viewer in Strata Cloud Manager.
    • View the logs in Explore or Log Viewer.
    • Filter logs using queries.
    • Export log data - Ensure that Browser user role is not assigned along with this role. Browser role restricts you to export logs.

    © 2026 Palo Alto Networks, Inc. All rights reserved.