Support Portal User Role Matrix
Symptom
Article provides data on the User Roles and the corresponding and permissions in the Customer Support Portal (CSP).
Environment
- Customer Support Portal
- Membership Roles
Resolution
These matrices identify the membership roles and permissions in the Customer Support Portal (CSP).
Support Portal User Roles |
Super
|
Standard
|
Limited
|
Threat
|
AutoFocus
|
Group
|
Group
|
Group
|
Group
| Bulk Registration |
Cloud
|
Domain
|
ELA
|
Credit
|
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Manage Company Account Information | X |
|
|
|
|
|
|
|
|
|
|
|
|
|
Create New User |
X |
|
|
|
|
|
|
|
|
|
|
x |
|
|
Manage Members |
X** |
Read Only |
Read Only |
|
|
|
|
|
|
|
|
x** |
|
|
Manage Assets **** |
X |
X |
X |
X |
X |
|
|
|
|
|
|
| ||
Manage Groups |
X |
|
|
|
|
|
|
|
|
|
X |
| ||
Case Management |
X* |
X* |
|
|
|
|
|
|
|
|
|
| ||
Auto Focus Portal (Subscription only) |
|
|
|
X |
X |
|
|
|
|
X |
|
| ||
Licensing API |
X |
|
|
|
|
|
|
|
|
|
|
| ||
Group Level Access |
|
|
|
|
|
|
|
|
|
|
|
| ||
Create New Group User |
X |
|
|
|
|
X |
|
|
|
|
X |
| ||
Manage Group Members |
|
|
|
|
|
X |
Read Only |
Read Only |
|
|
|
| ||
Manage Group Assets |
|
|
|
|
|
X |
X |
X |
X |
|
|
| ||
Case Management |
|
|
|
|
|
X* |
X* |
|
|
|
|
| ||
Auto Focus Portal (Subscription only) |
|
|
|
|
|
|
|
|
| |||||
Wildfire Portal |
X |
X |
X |
|
|
X |
X |
X |
X |
X |
X | X |
| |
Threat Vault |
X |
X |
X |
|
|
X |
X |
X |
|
|
|
| ||
Applipedia |
X |
X |
X |
|
|
X |
X |
X |
|
|
|
| ||
ELA Tokens |
X | |||||||||||||
Initial hub account admin |
X | |||||||||||||
Transfer Software NGFW/CN Tokens ***** |
|
X | ||||||||||||
Management of Software NGFW/CN Tokens | x | x | ||||||||||||
Linked Accounts | x | X | ||||||||||||
Bulk Registration/History (add on to Super or Standard User) | x | |||||||||||||
Cloud Services *** | x | x | x | x | X |
+ When a user is assigned Limited Role, the user will not be able to create nor manage support cases for all Palo Alto Networks products. To enable a user to create and manage support cases, assign them Standard User role, which will also give these users the ability to manage assets. Cloud Product role has no effect on managing support cases.
* All users in the main account and groups with Case Management visibility will be able to view each others cases. Cases are not segmented by group.
** Only a Super User with Domain Admin role can edit another user with Super User/Domain Admin roles.
*** Cloud Product Role: User with Cloud Product only role can log in to XDR. XDR roles can then be assigned to the user.
**** Manage Assets capability enables a user to manage any product in Palo Alto Networks' product portfolio.
***** Credit Admin role enables a user to fully manage all Software NGFW/CN credit pool features, including creating Deployment Profiles, registering firewalls, transferring tokens between Deployment Profiles (DP), more. Please keep in mind Standard and Limited Users can also perform all Software NGFW/CN credit pool features, except users with these two roles do not have the ability to transfer tokens between DPs.
Note: User with Cloud Product role will be able to view only Cloud Assets and does not have access to Case Management. To give users access to Case Management, give them Standard User role.
Support Portal User Roles | Super User + ELA Admin | Super User + Domain Admin |
---|---|---|
All Super User Permissions | X | X |
Administer Account Linkage | X | |
Administer Third-Party IDP | X | |
Administer ELA Grants | X | |
Administer ELA Tokens | X | |
Additional Information
- Super User
- Standard User
- Limited User
Configuring multiple roles is not required as the Super User Role overwrites the Standard User Role.
- Group Super User
- Group Standard User
- Group Limited User.