Prisma Cloud and Compute - Users with Custom Roles cannot view any data from the Monitor section

Created On 01/03/24 02:42 AM - Last Modified 07/01/25 21:22 PM


Symptom


Users with a custom role are unable to view any data in the views listed below, even after being granted permissions similar to those of a System Admin.

  • Monitor section
  • Incident explorer
  • Vulnerabilities information

Similarly, some events are missing from the view under:

  • Runtime Security > Monitor > ATT&CK Explorer


Environment


  • Prisma Cloud and Compute
  • User Roles


Cause


  • Adding a wildcard entry under "Non-Onboarded Account IDs" means that every account ID that is not onboarded is included in this account group.
  • The wildcard entry should be added regardless of which cloud accounts are onboarded in the environment.
  • For the events missing from the view under Runtime Security: even when the permissions configured for a custom role match those of the System Admin, the role is still treated as having custom permissions. Reference: Create Custom Prisma Cloud Roles


Resolution


  1. Prisma Cloud Roles allow you to specify a wide range of user permissions, including access at various levels to multiple cloud environments, the ability to apply policies, and the ability to interact with alerts and reports. Reference: Creating Custom Roles in Prisma
  2. Custom Roles apply to both CSPM and CWP.
  3. If no cloud accounts are onboarded and the only use case is CWP in Prisma SaaS Compute, custom roles are still defined according to the permissions assigned to them.
  4. Even when a custom role has all of its permissions configured to match the System Admin, it is still treated as having custom permissions.
  5. The permissions listed on the Assign Permissions page are not comprehensive and do not map one-to-one to all the feature permissions available in an out-of-the-box role. For example, if you create a custom role by cloning the System Administrator role, the feature permissions listed on the Assign Permissions page may not include every permission that the out-of-the-box System Administrator role has, because those feature permissions are not currently enabled for custom roles.
  6. The feature permissions displayed on the Assign Permissions page list all the permissions that can be assigned to any custom role.

Reference the Prisma Cloud Administrator Permissions page for a comprehensive list of default permissions by role.


Add the wildcard as shown in the screenshot below.

[Screenshot: wildcard entry under "Non-Onboarded Account IDs" in the account group]

Note: Adding the wildcard as in the screenshot above means that every account ID that is not onboarded is included in this account group. The wildcard should be added regardless of whether the customer uses CSPM or CWP.

The Compute Access Group resource list on Prisma Cloud enables you to:

  1. Restrict access to the data that is visible on the Compute tab to your read-only roles.
  2. Define the scope of the types of workloads or resources (hosts, containers, images, serverless functions) that are accessible to a role, and assign that role to a Prisma Cloud read-only role.
  3. For a user to view data, they must be assigned to an account group or an on-prem provider.
  4. The workloads that match the criteria you include in the list are in scope and accessible to the user assigned to the role.
  5. On Compute, this resource list is referred to as an assigned collection; it is a way to grant granular access to a specified set of resources instead of granting access to all resources within an account.
  6. The resource list is automatically added to the list of Collections.
  7. Although the Resource List for the Compute Access Group appears in the list of collections, you cannot edit it on the Compute tab or use it when you add or edit rules that enforce security checks on your resources.
  8. The limitations of the resource list result in differences between the data seen by a System Admin and the data seen by a Custom Role.
  9. Reference: Adding a Resource List on Prisma Cloud

    Enabling Compute Capabilities without selecting any Resources ensures that the System Admin and Custom Roles have the same views, as long as all view permissions are enabled for the custom role.

    [Screenshot: Compute Capabilities enabled with no Resources selected]

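To make the scoping rules in the Cause and Resolution sections concrete, the following Python model is added here as an example; it is not Prisma Cloud's own implementation or API. It models a role's effective visibility as the intersection of three layers the article describes: the feature permissions on the custom role, the accounts covered by its account groups (including the wildcard under "Non-Onboarded Account IDs"), and the optional Compute resource list that narrows which workload kinds are visible. The account IDs, workload names and permission strings such as "monitor.view" are constructed for the example and do not correspond to real Prisma Cloud identifiers.

```python
from __future__ import annotations
from dataclasses import dataclass, field

# The wildcard entry placed under "Non-Onboarded Account IDs" in an account group.
NON_ONBOARDED_WILDCARD = "*"


@dataclass
class Workload:
    name: str
    account_id: str   # cloud account the workload reports from
    kind: str         # "host", "container", "image" or "serverless"


@dataclass
class AccountGroup:
    name: str
    account_ids: set[str] = field(default_factory=set)        # onboarded accounts in the group
    non_onboarded_ids: set[str] = field(default_factory=set)  # explicit IDs or the wildcard

    def covers(self, account_id: str, onboarded: set[str]) -> bool:
        """True if this group puts the account in scope, onboarded or not."""
        if account_id in self.account_ids:
            return True
        if account_id in onboarded:
            return False  # onboarded accounts must be listed explicitly
        # A non-onboarded account is covered by an explicit entry or by the wildcard.
        return (account_id in self.non_onboarded_ids
                or NON_ONBOARDED_WILDCARD in self.non_onboarded_ids)


@dataclass
class Role:
    name: str
    permissions: set[str]                    # feature permissions; names are constructed
    account_groups: list[AccountGroup]
    resource_kinds: set[str] | None = None   # Compute resource list; None means no restriction


def visible_workloads(role: Role, permission: str, workloads: list[Workload],
                      onboarded: set[str]) -> list[str]:
    """Names of the workloads the role can see in a view gated by `permission`."""
    if permission not in role.permissions:
        return []
    visible = []
    for w in workloads:
        in_scope = any(g.covers(w.account_id, onboarded) for g in role.account_groups)
        if not in_scope:
            continue
        if role.resource_kinds is not None and w.kind not in role.resource_kinds:
            continue
        visible.append(w.name)
    return visible


def explain_empty_view(role: Role, permission: str, workloads: list[Workload],
                       onboarded: set[str]) -> str:
    """Say which layer hides the data: permission, account-group scope or resource list."""
    if permission not in role.permissions:
        return "missing permission"
    in_scope = [w for w in workloads
                if any(g.covers(w.account_id, onboarded) for g in role.account_groups)]
    if not in_scope:
        return "no account group covers the workloads' accounts"
    if role.resource_kinds is not None and not any(w.kind in role.resource_kinds for w in in_scope):
        return "resource list excludes every in-scope workload"
    return "view should not be empty"


# Constructed sample data: one CSPM-onboarded account and one account that only
# runs Compute defenders (CWP only), so it was never onboarded.
ONBOARDED = {"111111111111"}
WORKLOADS = [
    Workload("web-host", "111111111111", "host"),
    Workload("api-container", "222222222222", "container"),
    Workload("worker-image", "222222222222", "image"),
]
ALL_VIEWS = {"monitor.view", "incidents.view", "vulnerabilities.view"}


def scenarios() -> dict[str, list[str]]:
    """Compare what each role configuration sees in the Monitor view."""
    without_wildcard = AccountGroup("cwp-group", account_ids={"111111111111"})
    with_wildcard = AccountGroup("cwp-group", account_ids={"111111111111"},
                                 non_onboarded_ids={NON_ONBOARDED_WILDCARD})
    roles = {
        "admin-like, no wildcard": Role("custom", set(ALL_VIEWS), [without_wildcard]),
        "admin-like, wildcard": Role("custom", set(ALL_VIEWS), [with_wildcard]),
        "wildcard, hosts only": Role("custom", set(ALL_VIEWS), [with_wildcard], {"host"}),
    }
    return {label: visible_workloads(r, "monitor.view", WORKLOADS, ONBOARDED)
            for label, r in roles.items()}


if __name__ == "__main__":
    for label, seen in scenarios().items():
        print(f"{label}: {seen}")
```

Running the model reproduces the article's two failure modes: a custom role that holds every view permission still sees nothing from the non-onboarded account until the wildcard is added to its account group, and a resource list makes the custom role's view diverge from the System Admin's even after the wildcard is in place. The explain_empty_view helper is the check a practitioner would run first when a custom role reports an empty Monitor view, because it separates a permissions problem from a scope problem.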

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u000000XhPDCA0&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail