User Roles for Strata Logging Service

Table of Contents

User Roles for Strata Logging Service

Learn about Strata Logging Service user roles.

Where Can I Use This?	What Do I Need?
Prisma Access (Managed by Strata Cloud Manager) Prisma Access (Managed by Panorama) NGFW (Managed by PAN-OS or Panorama) NGFW (Managed by Strata Cloud Manager)	`Strata Logging Service` license

The way that you assign roles for Strata Logging Service depends on the status of your transition to the Prisma™ SASE Platform.

Newly Activated	Transitioned to a Tenant Service Group	Pre-Transition
If you activated Strata Logging Service with `Prisma Access` or another product after August 2022, then you're using Identity & Access on the Prisma SASE Platform for license and role management. Rather than read this topic any further, go to Common Services: Identity & Access to see how to manage roles with Prisma SASE.	Was your Strata Logging Service instance recently transitioned to a tenant service group (TSG)? If so, there's a new way to manage administrator roles and access using Identity & Access. To learn more, see Common Services: Identity & Access	Did you activate Strata Logging Service before August 2022? You should have already received information about the transition of your Strata Logging Service instance. You'll receive an email when it's time for you to transition. Until your transition is complete, continue to manage roles using the information below.

Role-based access control (RBAC) enables you to assign privileges and access rights to administrative users through role assignment. You create user accounts in the Customer Support Portal (CSP), assign them roles in the hub, and limit the data and functionality they can access by site in the Strata Logging Service app.

Strata Logging Service supports the following user roles:

App Administrator
Instance Administrator
Log Viewer Admin

The App Administrator and Instance Administrator are common roles that are available to every Palo Alto Networks app. To learn more about them, see Available Roles.

For Strata Logging Service instances that are transitioned to TSG, support the following user roles. Refer here for information about permissions for these user roles:

Multitenant Superuser
SOC Analyst
Superuser
View Only Administrator

The only user role specifically for Strata Logging Service is Log Viewer Admin. The permissions for this role is same as for the SOC Analyst user role.

User Role	Role Definition	Access Control
Log Viewer Admin	Same permissions as SOC Analyst. You can only view and export data in the Explore tab of the Strata Logging Service app or in the Log Viewer in Strata Cloud Manager.	View the logs in Explore or Log Viewer. Filter logs using queries. Export log data - Ensure that Browser user role is not assigned along with this role. Browser role restricts you to export logs.

Strata Logging Service Regions

Launch Strata Logging Service

Strata Logging Service Docs

User Roles for Strata Logging Service

Strata Logging Service Docs

User Roles for Strata Logging Service

Activation & Onboarding

Next-Generation Firewalls

SASE

Cloud-Delivered Security Services

Endpoints

Visibility & Monitoring

Best Practices

Experts Corner