From 8478cd251846c57f9b14e96d70d813aaf1e15cf1 Mon Sep 17 00:00:00 2001 From: Loria Kutch Date: Fri, 21 Jul 2023 14:13:13 -0700 Subject: [PATCH] updated role names --- products/sase/docs/all-roles.mdx | 15 ++++++++++++--- 1 file changed, 12 insertions(+), 3 deletions(-) diff --git a/products/sase/docs/all-roles.mdx b/products/sase/docs/all-roles.mdx index d65a7e707..f5c60ef7b 100644 --- a/products/sase/docs/all-roles.mdx +++ b/products/sase/docs/all-roles.mdx 
@@ -14,17 +14,26 @@ The following are all the roles currently supported by SASE: | Role | UI Label | Description | | ------------------- | --------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | +| adem_tier_1_support | ADEM Tier 1 Support | This role provides access to specific incident remediation workflows for Prisma Access ADEM. | | auditor | Auditor | This role provides read-only access to functions related to all configuration, including subscriptions and licenses. Assign this role to users or service accounts that need to examine the system for accuracy. | +| browser | Browser | This role provides access to only the essential features required by Palo Alto Networks UI Applications. | | business_admin | Business Administrator | This role provides access to all subscription and license management. This role also provides read-only access to other functions, including but not limited to: access policies, service accounts, and tenant service group operations. | | data_security_admin | Data Security Administrator | This role provides access to all data security functions. In addition, it provides read-only access to logs. This role contains a very small subset of privileges compared to the Security Admin role. | | deployment_admin | Deployment Administrator | This role provides access to functions related to deployments. In addition, this role provides read-only access to other functions. | +| dlp_incident_admin | DLP Incident Administrator | This role provides access to functions related to dlp incident and report. This role also provides read-only access to other functions, including but not limited to: data profile, data filtering profile, data pattern, EDM and OCR settings. 
| +| dlp_policy_admin | DLP Policy Administrator | This role provides access to functions related to dlp policy including but not limited to: data profile, data filtering profile, data pattern, EDM and OCR settings. | | iam_admin | IAM Administrator | This role provides access to identity and authentication functions. In addition, it provides read-only access to logs. Assign this role to users or service accounts that need to manage users or service accounts. | -| msp_iam_admin | MSP IAM Administrator | This role provides access to identity and authentication functions for all tenants in a multitenant hierarchy. In addition, it provides read-only access to logs. | -| msp_superuser | MSP Superuser | This role provides full read and write access to all functions for all tenants in a multitenant hierarchy. Assign this role only to users or service accounts that need unrestricted access to the MSP portal. | +| msp_iam_admin | Multitenant IAM Administrator | This role provides access to identity and authentication functions for all tenants in a multitenant hierarchy. In addition, it provides read-only access to logs. | +| msp_superuser | Multitenant Superuser | This role provides full read and write access to all functions for all tenants in a multitenant hierarchy. Assign this role only to users or service accounts that need unrestricted access to the MSP portal. | +| mt_manage_user | Multitenant Manage User | This role provides access to functions related to multitenant management and other common resources. | +| mt_monitor_user | Multitenant Monitor User | This role provides access to functions related to multitenant monitoring and other common resources. | | network_admin | Network Administrator | This role provides access to functions related to network configuration. This role also provides read-only access to other functions, including but not limited to: alerts, license quotas, devices, and tenant service group operations. 
| | security_admin | Security Administrator | This role provides access to functions related to security policy configuration. This role also provides read-only access to other functions, including but not limited to: alerts, license quotas, devices, and tenant service group operations. | +| soc_admin | SOC Administrator | This role allows the administrator to assess incidents and remediate risks in SaaS Security. This administrator cannot access SaaS Security API settings or modify policy rules. | | soc_analyst | SOC Analyst | This role provides read-only access to functions related to logs, reports, events, alerts, and all configuration. Assign this role to users or service accounts that need to view and investigate threats and trends. | +| sspm_appowner_superuser | Posture Security Administrator | This role provides full SSPM functionality but only for the SaaS application(s) that the administrator onboards themselves. It is intended to give IT/SaaS administrators full SSPM read and write access to the SaaS apps they are responsible for. | | superuser | Superuser | This role provides full read and write access to all the available system-wide functions. It includes all the permissions of all the other roles, including MSP Superuser. Assign this role only to users or service accounts that need unrestricted access. | | tier_1_support | Tier 1 Support | This role provides access to specific incident remediation workflows that update network, security, SD-WAN, GlobalProtect, and device configuration. This role also provides read-only access to other functions. | | tier_2_support | Tier 2 Support | This role provides access to specific incident remediation workflows that update network, security, SD-WAN, GlobalProtect, and device configuration. This role also provides read-only access to other functions. | -| view_only_admin | View Only Administrator | Read only access to all functions. 
| +| view_only_admin | View Only Administrator | Read only access to all functions. | +| web_security_admin | Web Security Admin | This role provides access to functions related to web security for Prisma Access. | \ No newline at end of file
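Review bot: The rename in the msp_iam_admin and msp_superuser rows is only half applied. The unchanged superuser row still reads "including MSP Superuser" and the msp_superuser description still says "MSP portal", so the table now uses two names for the same role. Update the superuser description to "Multitenant Superuser" in this commit, and the portal name too if it changed. The added rows for browser, mt_manage_user, mt_monitor_user and web_security_admin say only "provides access to" a set of functions, without stating whether that access is read-only or read and write. The existing rows do state this, and a reader needs it to pick the least-privileged role. Smaller points: "dlp" is lowercase in the two DLP descriptions, "Web Security Admin" is the only label that does not spell out "Administrator" (confirm it matches the UI), and the subject "updated role names" does not mention the nine roles this patch adds.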