What are the Administrator Roles available in Prisma Cloud?
15004
Created On 05/02/22 10:37 AM - Last Modified 05/03/22 11:31 AM
Question
What are the Administrator Roles available in Prisma Cloud?
Environment
- Prisma Cloud
Answer
- A user on Prisma Cloud is someone who has been assigned administrative privileges, and a role defines the type of access that the administrator has on the service.
- When you define a role, you specify the permission group and the account groups or repositories that the administrator can manage or view.
- Prisma Cloud has the following permission groups built-in for Administrators : Prisma Cloud Administrator Roles
NOTE:
-
Only an Administrator with 'System Admin' Role (Prisma Cloud Role) and 'Sys Admin' (Compute Role) can Create / View / Edit / Delete User Roles.
-
Further, other Roles only have Read-only access to view the Roles assigned for self.
-
If an Administrator with another Role tries to Create / View / Edit / Delete User Roles, the following Error will be encountered :
Role create failed due to an unknown error. Please contact your Prisma Cloud support team
Example
1. User "TEST" is created and assigned to Administrator Role "Cloud Provisioning Admin". This user is only able to view Roles assigned to Self.
2. When this User tries to Create a new Role under Settings > Access Control > Users > Add > Role, the following error is encountered:
Additional Information
- In Prisma Cloud Enterprise Edition, you can assign permission groups to user roles to control their level of access to Prisma Cloud.
- Permission groups determine what a user can do and see in Prisma Cloud UI, and the APIs he or she can access. These permission groups are mapped to Compute according to the table here: Prisma Cloud Compute User Roles
- To view a list of the access privileges associated with each role for different parts of the Prisma Cloud Administrative Console, refer: Prisma Cloud Administrator Permissions