Custom Roles
Learn to build custom roles by combining existing roles and permissions in different
ways. Custom roles only include allowed system roles and permissions for the respective
enterprise.
| Where Can I Use
This? | What Do I Need? |
|---|
You can build custom roles by combining existing system roles and permissions in
different ways. You can create them by assembling a set of system permissions or by
adding or removing permissions from system roles. Custom roles only include allowed
system roles and permissions for the respective enterprise.
An IAM administrator or a Super Administrator creates,
updates, and deletes custom roles for an enterprise, or assigns
system and custom roles to an end user. However, Super Administrator or IAM
administrator cannot delete a custom role in use.
As an administrator, you can view all the permissions and system
roles in the system on the Prisma SD-WAN web interface. You can
associate custom roles with multiple system roles, multiple system
permissions, or multiple system permissions and disallowed system
permissions. However, you cannot create a custom role with Root
as the base system role.
Construct custom roles by selecting and assembling:
A set of system permissions.
A set of system roles and system permissions.
A set of system roles and disallowed system permissions.
A set of system roles, system permissions, and disallowed
system permissions.
If a custom role includes more than one system permission, then
additional permissions become a part of the overall set of permissions,
even if independently specified at different times and a disallowed
permission overrides an allowed permission included through system
roles or through explicit means.
