Manage Roles - Administrator Guide - Cortex XDR - Cortex - Security Operations

Cortex XDR Prevent Administrator Guide

Product: Cortex XDR
License: Prevent
Creation date: 2023-10-31
Last date published: 2024-02-14
Category: Administrator Guide

Abstract: Learn more about managing roles in the Access Management console.

Note

Managing Roles requires an Account Admin or Instance Administrator role. For more information, see Predefined User Roles.

You can manage roles for a specific tenant only using the Cortex XDR Access Management console.

On the Roles page, Cortex XDR lists the predefined user roles and custom-defined roles. Use roles to assign specific view and action access privileges to administrative user accounts. The way you configure administrative access depends on the security requirements of your organization. The built-in roles provide specific access rights that cannot be changed. The roles you create provide more granular access control.

The following is a description of the different columns in the Roles table.

  • Role Name—Name of the role.

  • Created By—For a custom role, displays the email address of the user who created it; for predefined roles, displays one of the following options.

    • [Palo Alto Networks icon] Palo Alto Networks—Predefined role granting user permissions in all tenants.

    • [Gateway icon] <user email address>—A custom role created in the gateway granting user permission to this tenant.

    • [Cortex XDR icon] <user email address>—A custom role created in the Cortex XDR app granting user permission to this specific tenant.

  • Description—Description of the role.

  • Creation Time—Date and time when the role was created. The field is available only for custom roles.

  • Update Date—Date and time when the role was last updated. The field is available only for custom roles.

  • Custom—Displays a boolean value of either Yes or No to indicate whether the role is a custom role.

When creating a New Role or editing an existing role, you can manage roles for all Cortex XDR apps and services in the Components tab of the Create Role window. Role permissions for the various Cortex XDR components are listed according to the sidebar navigation in Cortex XDR. By assigning roles, you enforce the separation of viewing access and initiating actions among functional or regional areas of your organization.

  1. Select Settings → Configurations → Access Management → Roles.

  2. Manage your Cortex XDR roles.

    Cortex XDR only displays the roles available on your tenant. To view the roles and permissions for multiple tenants, see the Permission Management section.

    In the Roles table, the following options are available to help you manage roles.

    • Create a custom role based on a Cortex XDR predefined role.

      1. Locate the predefined role that you want to base your custom role on, right-click, and select Save As New Role.

      2. Specify a Role Name and update the Description.

      3. In the Components tab, where the components are listed according to the sidebar navigation in Cortex XDR, update the role permissions for each Cortex XDR component to None, View, or View/Edit. Some components have an additional action level to define.

      4. Create the role.

    • Create and save new roles based on granular permissions.

      1. Select New Role.

      2. Specify a Role Name and Description.

      3. In the Components tab, where the components are listed according to the sidebar navigation in Cortex XDR, update the role permissions for each Cortex XDR component to None, View, or View/Edit. Some components have an additional action level to define.

      4. Create the role.

    • Edit role permissions (only available for roles created in the tenant).

      1. Locate the custom role you want to edit, right-click, and select Edit Role.

      2. In the Components tab of the Edit Role window, where the components are listed according to the sidebar navigation in Cortex XDR, update the role permissions for each Cortex XDR component to None, View, or View/Edit. Some components have an additional action level to define.

      3. Edit the role.