DevOps Users with 'Build and Deploy Security' Administrator Role unable to access Collections in Prisma Cloud Compute
Created On 05/10/22 03:38 AM - Last Modified 07/13/23 09:17 AM
Symptom
- DevOps Users are granted access to the “Build and Deploy Security” Permission Group.
- With this, Users are able to access the Compute > Monitor > Vulnerabilities > Images > CI section and view all the Scan Results.
- However, Users are unable to filter the scan results based on the Collections created.
- Typing the name of an existing, legitimate Collection manually to search for it returns a 'No Such Value' message, and the Collections column is always empty.
- A User with the 'System Admin' Role can filter by the existing Collection 'appid' under Compute > Monitor > Vulnerabilities > Images > CI.
- However, a User with the 'Build and Deploy Security' Role is unable to filter the scan results based on the Collections created. Typing the existing Collection 'appid' manually returns a 'No Such Value' message, and the Collections column is empty.
Environment
- Prisma Cloud Enterprise Edition (SaaS)
Cause
- The desired functionality is currently not supported with Collections created inside the Compute Console.
Resolution
- Create a Resource List (of type Compute Access Group).
- Assign this Resource List to a relevant Administrator Role.
- Moving forward, a User with this Role will be able to see the assigned Resource Lists as Collections in the Compute section of the Console.
- For more information on Resource Lists, see the Create a Resource List for Compute Resources section.
Additional Information
- It is also recommended to create a Collection similar to the Resource List with the same conditions, and to use Resource Lists for Access Control and Collections for Vulnerability Policy Rules.