Manage: Scope Management

Table of Contents

Manage: Scope Management

Specify which administrators can access specific folders, firewalls, Prisma Access deployments, and snippet configurations.

Where Can I Use This?	What Do I Need?
Prisma Access (with Strata Cloud Manager or Panorama configuration management) NGFWs (with Strata Cloud Manager or Panorama configuration management)	At least one of these licenses is needed to manage your configuration with `Strata Cloud Manager`; for unified management of NGFWs and Prisma Access, you'll need both: `Prisma Access` license AIOps for NGFW Premium license (use the Strata Cloud Manager app) Software NGFW Credits (for VM-Series software NGFWs) → The features and capabilities available to you in Strata Cloud Manager depend on which license(s) you are using.

Where Can I Use This?

What Do I Need?

Prisma Access

(with Strata Cloud Manager or Panorama configuration management)
NGFWs

(with Strata Cloud Manager or Panorama configuration management)

At least one of these licenses is needed to manage your configuration with Strata Cloud Manager; for unified management of NGFWs and Prisma Access, you'll need both:
- Prisma Access license
- AIOps for NGFW Premium license (use the Strata Cloud Manager app)
Software NGFW Credits

(for VM-Series software NGFWs)

→ The features and capabilities available to you in Strata Cloud Manager depend on which license(s) you are using.

Configure scope management to enforce custom role-based access control. This allows you to specify which Strata Cloud Manager administrators can access and modify specific folders, firewalls, Prisma Access deployments, and snippet configurations. Defining the scope management for your cloud admins ensures they aren’t overprovisioned and defines the read and writing access privileges for the selected folders, firewalls, Prisma Accessdeployments, and snippet configurations. The Common Services Multiple Platform and Enterprise Roles are used to define the read and write access privileges for a Strata Cloud Manager admin.

The Scope management configuration is defined across your entire Strata Cloud Manager tenant. Scope management can’t be defined for a specific folder, Prisma Access, or firewall Configuration Scope.

Only a Cloud Management administrator or a superuser can create a scope object. The Scope Management widget is not available for users with other roles.

Log in to Strata Cloud Manager.
Select ManageAccess ControlScope Management.
Create New Scope.
Define the Scope Management configuration.

Scope Management configurations are labeled as a scope object.
1. Enter a descriptive Name.
2. Select Folders and check (enable) the folders, firewalls, and Prisma Access deployments you want to include in the scope.
  
  Selecting a firewall also includes the folder that the selected firewall is associated with in the scope management configuration. Only the immediately associated folder is included, and not the parent folder.
3. Select Snippets and check (enable) the snippets you want to include.
4. Add the scope object.
Apply the scope management configuration to Strata Cloud Manager admins.
1. Assign Users to the Scope Object you created in the previous step.
2. Select a Role for the Strata Cloud Manager admin. For example, you can select MSP Superuser for a user who needs access to all functions for all tenants.
  
  Default is None. See the Common Services Multiple Platform and Enterprise Roles for more information about the read and write access privileges for each available Role.
  
  Select a specific Strata Cloud Manager admin and Clear Role to remove the currently assigned Common Services role. This applies the default None role to the admin.
3. To modify an existing scope to edit the name, and to add or remove folders, select the scope object, modify the scope as needed, and Update the scope.
4. To modify the assigned users, to add more users or change the users, click Assigned Users and modify as needed, and Close the window.