Custom Roles
Table of Contents
Expand all | Collapse all
-
-
- Add a Branch
- Add a Data Center
- Add a Branch Gateway
- Configure Circuits
- Configure Internet Circuit Underlay Link Aggregation
- Configure Private WAN Underlay Link Quality Aggregation
- Configure Circuit Categories
- Configure Device Initiated Connections for Circuits
- Add Public IP LAN Address to Enterprise Prefixes
- Manage Data Center Clusters
- Configure a Site Prefix
- Configure a DHCP Server
- Configure NTP for Prisma SD-WAN
- Configure the ION Device at a Branch Site
- Configure the ION Device at a Data Center
- Switch a Site to Control Mode
- Allow IP Addresses in Firewall Configuration
-
- Configure a Controller Port
- Configure Internet Ports
- Configure WAN/LAN Ports
- Configure a Loopback Interface
- Configure a PoE Port
- Configure and Monitor LLDP Activity and Status
- Configure a PPPoE Interface
- Configure a Layer 3 LAN Interface
- Configure Application Reachability Probes
- Configure a Secondary IP Address
- Configure a Static ARP
- Configure a DHCP Relay
- Configure IP Directed Broadcast
- VPN Keep-Alives
-
- Configure Prisma SD-WAN IPFIX
- Configure IPFIX Profiles and Templates
- Configure and Attach a Collector Context to a Device Interface in IPFIX
- Configure and Attach a Filter Context to a Device Interface in IPFIX
- Configure Global and Local IPFIX Prefixes
- Flow Information Elements
- Options Information Elements
- Configure the DNS Service on the Prisma SD-WAN Interface
- Configure SNMP
-
-
- Prisma SD-WAN Branch Routing
- Prisma SD-WAN Data Center Routing
-
- Configure Multicast
- Create a WAN Multicast Configuration Profile
- Assign WAN Multicast Configuration Profiles to Branch Sites
- Configure a Multicast Source at a Branch Site
- Configure Global Multicast Parameters
- Configure a Multicast Static Rendezvous Point (RP)
- Learn Rendezvous Points (RPs) Dynamically
- View LAN Statistics for Multicast
- View WAN Statistics for Multicast
- View IGMP Membership
- View the Multicast Route Table
- View Multicast Flow Statistics
- View Routing Statistics
- Prisma SD-WAN Incident Policies
-
- Prisma SD-WAN Branch HA Key Concepts
- Configure Branch HA
- Configure HA Groups
- Add ION Devices to HA Groups
- View Device Configuration of HA Groups
- Edit HA Groups and Group Membership
-
- Configure Branch HA with Gen-1 Platforms (2000, 3000, 7000, and 9000)
- Configure Branch HA with Gen-2 Platforms (3200, 5200, and 9200)
- Configure Branch HA with Gen-2 Embedded Switch Platforms (1200-S or 3200-L2)
- Configure Branch HA for Devices with Software Cellular Bypass (1200-S-C-5G)
- Configure Branch HA for Platforms without Bypass Pairs
- Configure Branch HA in a Hybrid Topology with Gen-1 (3000) and Gen-2 (3200) Platforms
- Prisma SD-WAN Incidents and Alerts
Custom Roles
Learn to build custom roles by combining existing roles and permissions in different
ways. Custom roles only include allowed system roles and permissions for the respective
enterprise.
| Where Can I Use This? | What Do I Need? |
|---|---|
|
|
You can build custom roles by combining existing system roles and permissions in
different ways. You can create them by assembling a set of system permissions or by
adding or removing permissions from system roles. Custom roles only include allowed
system roles and permissions for the respective enterprise.
An IAM administrator or a Super Administrator creates,
updates, and deletes custom roles for an enterprise, or assigns
system and custom roles to an end user. However, Super Administrator or IAM
administrator cannot delete a custom role in use.
As an administrator, you can view all the permissions and system
roles in the system on the Prisma SD-WAN web interface. You can
associate custom roles with multiple system roles, multiple system
permissions, or multiple system permissions and disallowed system
permissions. However, you cannot create a custom role with Root
as the base system role.
Construct custom roles by selecting and assembling:
- A set of system permissions.
- A set of system roles and system permissions.
- A set of system roles and disallowed system permissions.
- A set of system roles, system permissions, and disallowed system permissions.
If a custom role includes more than one system permission, then
additional permissions become a part of the overall set of permissions,
even if independently specified at different times and a disallowed
permission overrides an allowed permission included through system
roles or through explicit means.