Strata Cloud Manager
Manage: Access Control
Configure scope management to enforce role-based access control for Strata Cloud Manager.
Where Can I Use This? | What Do I Need? |
---|---|
|
Each of these licenses includes access to Strata Cloud Manager:
→ The features and capabilities available to you in Strata Cloud Manager depend on which license(s) you are using.
|
Role-based access control (RBAC) enables you to define the privileges and
responsibilities of administrative users (administrators). Every administrator must
have a user account that specifies a role and authentication method.
Prisma Access Managed by Strata Cloud Manager implements custom RBAC so that
you can manage roles or specific permissions and assign access rights to
administrative users. Using RBAC, you can manage users and their access to various
resources within Prisma Access Managed by Strata Cloud Manager.
RBAC is not supported for SaaS Security Inline and Behavior
Threats. All tabs under Discovered Apps and
Behavior Threats are visible to all users, regardless of
their assigned roles.
Administrator Roles
Your role determines your access and permissions on the service. When you assign
a role, you define the permission group and account groups the administrator can
manage. Prisma Access includes the following built-in permission groups
for administrators.
- App Administrator—Has full access to the given app, including all instances added to the app in the future. App Administrators can assign roles for app instances, and they can also activate app instances specific to that app.
- Instance Administrator—Has full access to the app instance for which this role is assigned. The Instance Administrator can also make other users an Instance Administrator for the app instance. If the app has predefined or custom roles, the Instance Administrator can assign those roles to other users.
- Super Reader—Can view all config elements, logs, and settings. Super Readers can’t make changes to other settings.
- Audit Admin—Can view and manage logs and log settings only. Audit Admins can’t make changes to other settings.
- Crypto Admin—Can view logs, and manage cryptographic settings such as IKE, IPSec, master key management, and certificate configuration. Crypto Admins can’t view or make changes to other settings.
- Security Admin—Can view logs and manage all settings except the cryptographic settings that are available to the Crypto Admin role.
- Web Security Admin—Can view configuration elements related to Web Security only.
- Data Loss Prevention Admin—Can access Enterprise DLP settings but cannot push configuration changes to Prisma Access.
- Data Security Admin—Can access Enterprise DLP and SaaS Security controls, but cannot push configuration changes to Prisma Access.
- SaaS Admin—Can access SaaS Security settings but cannot push configuration changes to Prisma Access.
Custom Role-Based Access Control — Setup
Here’s how to use a predefined role or create a custom role, assign a role to a
user, and manage the user scope when you access the Prisma Access
application.
- Add a Custom Role Through Common Services
  If you require more granular access control than the predefined roles provide, you can add custom roles to define which permissions are enforced for your users. Similar to predefined roles, custom roles are a set of permissions and permission sets. Unlike predefined roles, each custom role is assignable only to the users in the hierarchy under the Tenant Service Group (TSG) where it is defined. This avoids name conflicts between similarly named custom roles defined by different customers.
  If you add a custom role at the top level (parent level) of the hierarchy, that role is assigned to the tenants nested below so that the parent tenant can manage the child tenants.
- Add User Access Through Common Services
  The Common Services: Access and Identity enables you to add user access to the platform as well as to the tenants you created.
- Assign a Predefined Role to a Tenant User or Service Account Through Common Services
  If you already added users and want to add additional roles, you can also assign a batch of predefined roles. Review additional information about roles and permissions.
- Create a New Scope in the Prisma Access Managed by Strata Cloud Manager UI
  Prisma Access Managed by Strata Cloud Manager enables you (as an administrator) to assign a management scope to other Strata Cloud Manager users (non-administrator) to associate permissions based on scopes such as folders and snippets.
  The permissions are actions that are allowed in the system. Permissions represent a specific set of application programming interface (API) calls that you use to read, write, and delete objects within the systems. All permissions are grouped into roles.
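The TSG scoping rule for custom roles described in the first step, as an added example that is not Palo Alto Networks code: it models a tenant hierarchy and flags role assignments that fall outside the hierarchy under the TSG where the role was defined. The tenant names, role names, permission strings and data layout are constructed for illustration and do not reflect the Common Services API.

```python
# Added illustration: a toy model of TSG-scoped custom roles.
# Tenant names, role names, permission strings and the data layout are
# constructed; this is not the Common Services API.

# Constructed hierarchy: child TSG -> parent TSG (None marks a top-level TSG).
PARENT = {
    "acme-root": None,
    "acme-emea": "acme-root",
    "acme-emea-lab": "acme-emea",
    "globex-root": None,
    "globex-apac": "globex-root",
}

# Custom roles keyed by (defining TSG, role name). The same name can exist
# under two customers without conflict because the TSG is part of the key.
CUSTOM_ROLES = {
    ("acme-root", "noc-readonly"): {"logs:read", "config:read"},
    ("acme-emea", "branch-editor"): {"config:read", "config:write"},
    ("globex-root", "noc-readonly"): {"logs:read"},
}


def ancestors(tsg):
    """Return the TSG itself followed by every parent up to the top level."""
    chain = []
    while tsg is not None:
        chain.append(tsg)
        tsg = PARENT.get(tsg)
    return chain


def assignable_roles(tsg):
    """Custom roles usable in `tsg`: defined there or at any ancestor TSG."""
    scope = set(ancestors(tsg))
    return {key: perms for key, perms in CUSTOM_ROLES.items() if key[0] in scope}


def out_of_scope(assignments):
    """Flag (user, user_tsg, defining_tsg, role) rows that break TSG scoping."""
    return [a for a in assignments if (a[2], a[3]) not in assignable_roles(a[1])]


# Constructed access-review input.
ASSIGNMENTS = [
    ("alice", "acme-emea-lab", "acme-root", "noc-readonly"),  # inherited from parent
    ("bob", "acme-root", "acme-emea", "branch-editor"),       # child-level role used at parent
    ("carol", "globex-apac", "acme-root", "noc-readonly"),    # role from another customer
]

if __name__ == "__main__":
    for row in out_of_scope(ASSIGNMENTS):
        print("out of scope:", row)
```
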