Manage access to custom dashboards - Learn more about managing access to custom dashboards in Cortex Cloud. - Administrator Guide

Manage access to custom dashboards - Learn more about managing access to custom dashboards in Cortex Cloud. - Administrator Guide - Cortex CLOUD

Cortex Cloud Runtime Security Documentation

Product

Cortex Cloud Application Security > Cortex CLOUD

License

Cloud Runtime Security

Creation date

2024-12-24

Last date published

2026-06-16

Prerequisite

Configure tenant-level settings: An administrator must first establish the sharing framework under Settings → Configurations → Access Management → Objects.
The configuration of these settings defines the authorized sharing workflows for for all custom objects, including dashboards:
- Enable "Owners can Share objects they created": Grants owners the ability to share dashboards with specific users and user groups. In the Dashboard Manager, this enables the Share option.
- Disable "Owners can Share objects they created": Restricts owners to managing only General access (Public vs. Restricted). In the Dashboard Manager, this replaces the Share option with the Manage Access option.
For more information on configuring tenant-level settings, see Manage access to objects.
Define Scope-Based Access Control (SBAC): While object-level sharing grants access to the dashboard's layout and configuration, users must also have the appropriate SBAC permissions to view the actual data populated within the widgets. If a user has access to a shared dashboard but lacks the required data scope for the underlying datasets, the dashboard will load, but the widgets may appear empty or display an error. For more information on defining SBAC, see Manage user scope.

Because dashboards are composed of multiple widgets, it is important to understand how access is applied to these individual components:

Widgets are not objects: Unlike dashboards, individual widgets are not treated as independent objects. They do not have their own "Share" dialog and cannot be shared independently. Within the Widget Library, a widget is set to either Restricted (visible only to the creator) or Public (visible to all with Widget Library access).
Inherited access: Any user who has been granted access to a custom dashboard (as a Viewer or Editor) can see all the widgets contained within that dashboard, including those marked as Restricted. This means you may see a widget on a shared dashboard that you cannot see in the Widget Library even if you have access to it.
- Dashboard Editors: Can edit the dashboard layout, but the widget is only available in their Widget Library for editing when the widget is Public.
- Dashboard Viewers: Can't make any changes to dashboards or widgets that are Restricted.

Role permissions define the functional capabilities for dashboards and the Widget Library, and determine what actions a user can take.

Select Settings → Configurations → Access Management → Roles.
Right-click the relevant user role, and select Edit Role.
Under Components, expand Dashboards & Reports, and locate Dashboards.
Configure access state:
- Disabled: Users cannot navigate to Dashboards & Reports → Dashboard Manager or Dashboards & Reports → Widget Library. Dashboards cannot be shared with this role. If the user previously owned or had access to shared dashboards, they are no longer available.
- Enabled: Allows dashboards to be accessed and managed according to defined sub-permissions. Grants access to the Widget Library as explained below in Manage the Widget Library.
If Enabled, assign specific capabilities to control the UI:
- Create Dashboards: Enables the New Dashboard button on the Dashboard Manager page, allowing the user to create new custom dashboard objects. The user who performs this action becomes the Owner of the object and is granted the inherent right to edit, delete, and manage sharing for that specific object..
- Edit Public Dashboards: Allows the user to modify custom dashboards set to Public, even if they are not the owner.
Click Save.

The Widget Library is the central repository for predefined and custom widgets and is intended for browsing and selecting widgets to add to a dashboard. Access to and visibility within the Widget Library is determined by role-level permissions and your specific access level to the dashboards where those widgets reside:

Access to the Widget Library: To access the Widget Library, your role must have the Create Dashboards or Edit Public Dashboards capability. Users who only have "View" permissions for dashboards cannot access the Widget Library.
Widget Library visibility: Visibility within the Widget library depends on ownership and inherited dashboard and widget permissions:
- Public and personal widgets: You can always see widgets you created (Restricted) and widgets marked as Public.
- Inherited access via dashboards: If a Restricted widget was created by another user but is part of a dashboard shared with you, you won't see it in the Widget Library and it can't be edited (unless you are an administrator).
Note
If you're designated as an Editor, you can always duplicate the widget and make your changes on the copy.

Once a custom dashboard exists in the Dashboard Manager, the Owner (or an authorized Editor) defines who can see or edit it.

Select Dashboards & Reports → Dashboard Manager.
Locate the custom dashboard that you want to share in the table.
Right-click the custom dashboard and select the available access option. The menu option you see depends on your tenant-level settings:
- Share: Use this if your admin enabled sharing. It allows you to grant access to specific users/groups and change the General access (Public/Restricted).
- Manage Access: Use this if sharing is disabled. It is a restricted view that only allows you to toggle the General access between Public and Restricted. You cannot grant access to specific individuals.
(If sharing is enabled) Search for the User or User Group, and assign the access level: Viewer (read-only) or Editor (can modify and share).
Set the General access state:
- Restricted: Private to the Owner and the others granted access.
- Public: Visible to all users with the Dashboard component enabled in their role.
Click Save.

The following icons help you identify the security access of your custom dashboards:

: A Restricted custom dashboard you created that is not shared with anyone else.
: A custom dashboard you created that is currently shared with other users or user groups.
: A custom dashboard created by another user that has been shared with you.
: A standard system dashboard provided by Palo Alto Networks. These are always Public and cannot be deleted or edited, and their ownership cannot be transferred. Yet, you can Duplicate a system dashboard to create a custom version that you can then modify and share.

Prerequisite

Note

Note