Prisma Cloud : RQL Query Types supported for Custom Role (RBAC) users

• What are the RQL Query Types supported for Custom Role (RBAC) users?

• Prisma Cloud

• All Out of the Box Default roles come with permissions for all available Query Types
• There are a total of 8 Supported Query Types for all Tenants:
  1. Asset
  2. Asset Configuration (Config)
  3. Application Asset (AppSec)
  4. Vulnerability
  5. Permission (IAM)
  6. Network Configuration (CNA)
  7. Network
  8. Audit Event
• Additionally, there is another query type called AppDNA, which is currently in Limited GA status.

• Custom roles, defined by users through Granular RBAC features, will only support the following Query Types:
  1. Asset
  2. Asset Configuration (Config)
  3. Permission (IAM)
  4. Network Configuration (CNA)
  5. Network
  6. Audit Event
• Configure the necessary permissions for the above Query types
  1. For Permission (IAM) queries - IAM module should be enabled and Investigate->Config->READ permission should be available under the User role
  2. For Network Config (CNA) queries - Investigate->Config->READ and Investigate->Network->READ permission should be available under the User role

Custom Role Unsupported Query Types:

• Following Query Types are not supported for custom roles and are out of scope for Granular RBAC:
  1. Application Asset (AppSec)
  2. Vulnerability
  3. AppDNA

Here is an example:

• Out-of-the-box roles, such as System Admin, possess visibility into all query types accessible under the Investigate Menu as below:

• Only the supported query types for Custom Roles are listed under Settings > Access Control > Permission Group > Add Permission Group

• Users assigned with Custom Role will only have access to the Supported Query Types under the Investigate menu: