Manage Roles - Cortex Gateway Admin Guide - Cortex - Cortex - Security Operations

Cortex Gateway Administrator Guide

Product
Cortex
Creation date
2023-03-23
Last date published
2024-02-26
Category
Cortex Gateway Admin Guide
Abstract

Each user is assigned a role. You can add new roles or update existing roles which includes updating the permissions of the various components.

A role is a set of permissions that determine which actions and resources users within that role are granted access to in any of the Cortex products - Cortex XDR/XSIAM, Cortex XSOAR or Cortex XPANSE. Users are assigned to at least one role, depending on their required level of access.

In the Roles page, you can find a separate tab per each of the Cortex products - Cortex XDR/XSIAM, Cortex XSOAR and Cortex XPANSE. Use roles to assign specific view and action access privileges. The way you configure access depends on the security requirements of your organization. When clicking on the role, you can view the permissions that you have assigned to the role. If you right click on a role, you can do the following:

  • Copy the role by saving as a new role

  • Edit the role (those created by Palo Alto Networks can't be edited)

  • Remove the role (those created by Palo Alto Networks can't be removed)

  • Copy text to clipboard

  • Copy an entire row

Note

If the role refers to being created by a Palo Alto Networks it is a predefined role.

Cortex Gateway has the following predefined roles for each of the Cortex products - Cortex XDR/XSIAM, Cortex XSOAR and Cortex XPANSE:

Role

Default Permissions

Instance Administrator

View/Edit permissions for all components and access to all pages.

Instance Administrators have the same permissions as Account Admin. Account Admin is the role assigned in the CSP and has access to all Cortex Gateway instances and not just limited to one Cortex tenant.

Analyst

Mix of View and View/Edit permissions for all components and access to all pages.

Read-Only

Read permissions for all components and access to all pages.

The predefined roles provide specific access rights that cannot be changed.

Permissions

You can assign the following permissions to various components:

Note

Some of the components do not support all permission levels.

Permission

Description

None

No access to the specified component.

View

Can view but not edit the specified component.

View/Edit

Can view and edit the specified component.

Permission Levels

You can set permission levels for each component. Select the relevant Cortex product - Cortex XDR/XSIAM, Cortex XSOAR or Cortex XPANSE from the list: