User Roles for Strata Logging Service
Focus
Focus
Strata Logging Service

User Roles for Strata Logging Service

Table of Contents

User Roles for
Strata Logging Service

Learn about
Strata Logging Service
user roles.
Where Can I Use This?
What Do I Need?
  • Prisma Access (Managed by Strata Cloud Manager)
  • Prisma Access (Managed by Panorama)
  • NGFW (Managed by PAN-OS or Panorama)
  • NGFW (Managed by Strata Cloud Manager)
  • Strata Logging Service
    license
The way that you assign roles for
Strata Logging Service
depends on the status of your transition to the Prisma™ SASE Platform.
Newly Activated
Transitioned to a Tenant Service Group
Pre-Transition
If you activated
Strata Logging Service
with
Prisma Access
or another product after August 2022, then you're using Identity & Access on the Prisma SASE Platform for license and role management. Rather than read this topic any further, go to Common Services: Identity & Access to see how to manage roles with Prisma SASE.
Was your
Strata Logging Service
instance recently transitioned to a tenant service group (TSG)? If so, there's a new way to manage administrator roles and access using Identity & Access. To learn more, see Common Services: Identity & Access
Did you activate
Strata Logging Service
before August 2022? You should have already received information about the transition of your
Strata Logging Service
instance. You'll receive an email when it's time for you to transition. Until your transition is complete, continue to manage roles using the information below.
Role-based access control (RBAC) enables you to assign privileges and access rights to administrative users through role assignment. You create user accounts in the Customer Support Portal (CSP), assign them roles in the hub, and limit the data and functionality they can access by site in the
Strata Logging Service
app.
Strata Logging Service
supports the following user roles:
  • App Administrator
  • Instance Administrator
  • Log Viewer Admin
The App Administrator and Instance Administrator are common roles that are available to every Palo Alto Networks app. To learn more about them, see Available Roles.
For
Strata Logging Service
instances that are transitioned to TSG, support the following user roles. Refer here for information about permissions for these user roles:
  • Multitenant Superuser
  • SOC Analyst
  • Superuser
  • View Only Administrator
The only user role specifically for
Strata Logging Service
is Log Viewer Admin.
User Role
Role Definition
Access Control
Log Viewer Admin
Can only view and export data in the
Explore
tab of the app.
  • View the
    Explore
    tab.
  • Filter logs using queries.
  • Export log data - Ensure that Browser user role is not assigned along with this role. Browser role restricts you to export logs from Explore.

Recommended For You