Granular Role-Based Access for Cloud Services

You can create admin roles for the Cloud Services plugin.
Maintaining the principle of least privilege requires granular control over administrative access. Previously, administrators managing Panorama Managed Prisma® Access lacked the ability to assign granular permissions to the Cloud Services plugin, risking over-privileged access for users who only needed read-only or limited functionality. This feature allows you to enforce the principle of least privilege by configuring specific access levels, such as read-only or full access, to the Cloud Services plugin through existing Panorama admin roles, enhancing administrative security and compliance. You can create a networking-focused user who can edit plugin configurations and push configuration changes, a security-focused user who can make changes to security policy rules and push configuration changes, or a hybrid user with read-only privileges.
What's New: Under the Plugins tab in the Admin Role Profile, a new cloud_services tree has been introduced. This section includes two distinct leaf nodes:
  • Configuration: Controls access to modify or view cloud services configurations.
  • Status: Controls access to view the operational status of cloud services.
This enhancement allows superusers to assign highly specific permissions (Enable, Read Only, or Disable) to custom admin roles, limiting access to only what is necessary for their job function.
Where to Find It: Navigate to Panorama > Admin Roles > Admin Role Profile > Plugins.
When you view these new nodes for the first time, they display a green check mark (Enable) by default. However, to make these permissions effective and strictly enforced, you must manually modify the selection (for example, toggle to Read Only, Disable, or re-select Enable) and save the profile.